Reflected Cross-Site Scripting in Binary MLM Woocommerce Plugin for WordPress
CVE-2024-12384

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Binary Mlm WooCommerce
Vendor
CVE Published:
7 January 2025

Summary

The Binary MLM Woocommerce plugin for WordPress exposes a vulnerability that allows for reflected cross-site scripting due to inadequate input sanitization and output escaping. Unauthenticated attackers can exploit this flaw by manipulating the 'page' parameter, leading to the injection of arbitrary web scripts. If a user is deceived into clicking a malicious link, the script may execute in their browser, compromising their session and potentially revealing sensitive information.

Affected Version(s)

Binary MLM Woocommerce * <= 2.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/woo-binary-mlm...
https://plugins.trac.wordpress.org/browser/woo-binary-mlm...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
.