Reflected Cross-Site Scripting Vulnerability in Pósturinn Shipping Plugin for WooCommerce
CVE-2024-11815

6.1MEDIUM

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
9 January 2025

Summary

The Pósturinn Shipping with WooCommerce plugin for WordPress is susceptible to a reflected cross-site scripting flaw. This vulnerability arises from poor sanitization of input data and improper escaping of output, allowing unauthenticated attackers to inject malicious scripts into web pages. If users are deceived into interacting with maliciously crafted links, the scripts can execute in their browsers, posing a significant risk to user data and site integrity. Affected users should update to the latest version to mitigate potential exploitation.

Affected Version(s)

Pósturinn\&#039;s Shipping with WooCommerce * <= 1.3.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
.