Reflected Cross-Site Scripting Vulnerability in Pósturinn Shipping Plugin for WooCommerce
CVE-2024-11815

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Pósturinn\'s Shipping With WooCommerce
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-11815?

The Pósturinn Shipping with WooCommerce plugin for WordPress is susceptible to a reflected cross-site scripting flaw. This vulnerability arises from poor sanitization of input data and improper escaping of output, allowing unauthenticated attackers to inject malicious scripts into web pages. If users are deceived into interacting with maliciously crafted links, the scripts can execute in their browsers, posing a significant risk to user data and site integrity. Affected users should update to the latest version to mitigate potential exploitation.

Affected Version(s)

Pósturinn\'s Shipping with WooCommerce * <= 1.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/posturinn/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025
Vulnerability Reserved
Nov 26, 2024

Credit

Dale Mavers

JSON