Cross-site Scripting (XSS) Vulnerability in Product Feed PRO for WooCommerce
CVE-2024-24800

7.1HIGH

Key Information:

Vendor: WordPress
Status: Product Feed Pro For WooCommerce
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-24800?

A Cross-Site Scripting (XSS) vulnerability exists in the AdTribes.Io Product Feed PRO for WooCommerce, which enables an attacker to inject malicious scripts into web pages viewed by other users. This reflected XSS issue affects all versions of the plugin up to and including 13.2.5. The vulnerability arises due to improper neutralization of input during web page generation, allowing unauthorized scripts to be executed in the context of a user's browser. Exploitation of this vulnerability could lead to unauthorized access to sensitive user information and compromise user accounts.

Affected Version(s)

Product Feed PRO for WooCommerce <= 13.2.5

References

https://patchstack.com/database/vulnerability/woo-product...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Jan 31, 2024

Credit

Rafie Muhammad (Patchstack)