Arbitrary Script Injection Vulnerability in Primer Plugin for WooCommerce
CVE-2024-11809
Key Information:
- Vendor: WordPress
- CVE Published: 13 December 2024
What is CVE-2024-11809?
The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting because it does not adequately verify the 'img_src' parameter. Unsanitized input from this parameter lets an attacker inject arbitrary web scripts. If an unsuspecting user is misled into clicking a specially crafted link, the injected scripts may execute within that user's browser session, with harmful effects that include data theft and unauthorized actions. Users should apply protective measures immediately, including updating to a patched version of the plugin and strengthening input validation.

Affected Version(s)
Primer MyData for Woocommerce * <= 4.2.1