Reflected Cross-Site Scripting Vulnerability in WooCommerce Extractor Plugin for WordPress
CVE-2024-11331

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: استخراج محصولات ووکامرس برای آیسی
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-11331?

The Extract Products for WooCommerce plugin in WordPress has a reflected cross-site scripting (XSS) vulnerability due to insufficient input sanitization in the add_query_arg and remove_query_arg functions. This flaw affects all versions up to and including 2.1.3. Unauthenticated attackers can exploit this vulnerability to inject malicious web scripts into web pages. If users are baited into clicking a specially crafted link, their sessions may be compromised or sensitive information may be exposed, posing a severe risk to website integrity and user data privacy.

Affected Version(s)

استخراج محصولات ووکامرس برای آیسی * <= 2.1.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/isee-products-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2024
Vulnerability Reserved
Nov 18, 2024

Credit

Dale Mavers