Reflected Cross-Site Scripting Vulnerability in Pósturinn Shipping Plugin for WooCommerce
CVE-2024-11815
6.1MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 9 January 2025
Summary
The Pósturinn Shipping with WooCommerce plugin for WordPress is susceptible to a reflected cross-site scripting flaw. This vulnerability arises from poor sanitization of input data and improper escaping of output, allowing unauthenticated attackers to inject malicious scripts into web pages. If users are deceived into interacting with maliciously crafted links, the scripts can execute in their browsers, posing a significant risk to user data and site integrity. Affected users should update to the latest version to mitigate potential exploitation.
Affected Version(s)
Pósturinn\'s Shipping with WooCommerce * <= 1.3.1
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers