Stored Cross-Site Scripting Issue in Woocommerce Brands Plugin for WordPress
CVE-2024-11746
6.4MEDIUM
What is CVE-2024-11746?
The Woocommerce Brands Plugin for WordPress is susceptible to a stored cross-site scripting vulnerability through the 'product_brand' shortcode. This vulnerability arises from inadequate input sanitization and output escaping on user-provided attributes. Authenticated attackers, who have contributor-level access or higher, can exploit this flaw to inject arbitrary web scripts into pages. These scripts are executed whenever a user visits the compromised page, potentially leading to unauthorized access to user data and overall site compromise.
Affected Version(s)
GS Brands for WooCommerce 0 <= 1.3.2