Reflected XSS Vulnerability in Booster for WooCommerce
CVE-2024-29760

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Booster For WooCommerce
Vendor: CVE Published:; 27 March 2024

Summary

The Pluggabl LLC Booster for WooCommerce is susceptible to a reflected Cross-site Scripting (XSS) vulnerability, compromising the security of web applications utilizing this plugin. When improperly handling user input during web page generation, the vulnerability allows attackers to inject malicious scripts into the web pages viewed by users. This can lead to the execution of harmful scripts in the context of users' browsers, potentially exposing sensitive data, hijacking sessions, or redirecting users to fraudulent sites. Users of Booster for WooCommerce versions up to 7.1.7 need to ensure proper input validation and consider applying security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Booster for WooCommerce <= 7.1.7

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Rafie Muhammad (Patchstack)