Cross-site Scripting (XSS) Vulnerability in Product Feed PRO for WooCommerce
CVE-2024-24800
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 27 March 2024
What is CVE-2024-24800?
A Cross-Site Scripting (XSS) vulnerability exists in the AdTribes.Io Product Feed PRO for WooCommerce, which enables an attacker to inject malicious scripts into web pages viewed by other users. This reflected XSS issue affects all versions of the plugin up to and including 13.2.5. The vulnerability arises due to improper neutralization of input during web page generation, allowing unauthorized scripts to be executed in the context of a user's browser. Exploitation of this vulnerability could lead to unauthorized access to sensitive user information and compromise user accounts.
Affected Version(s)
Product Feed PRO for WooCommerce <= 13.2.5