Cross-site Scripting Vulnerability in ELEX WooCommerce Dynamic Pricing and Discounts
CVE-2024-31255

7.1HIGH

Key Information:

Vendor: WordPress
Status: Elex WooCommerce Dynamic Pricing And Discounts
Vendor: CVE Published:; 7 April 2024

What is CVE-2024-31255?

A Cross-site Scripting (XSS) vulnerability exists within the ELEX WooCommerce Dynamic Pricing and Discounts plugin, allowing attackers to inject malicious scripts through insufficient input validation during web page generation. This flaw affects versions prior to 2.1.2, permitting reflected XSS attacks which can potentially lead to user data exposure. Implementing effective sanitization methods and ensuring software is updated to the latest version are critical steps for maintaining web application security.

Affected Version(s)

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2

References

https://patchstack.com/database/vulnerability/elex-woocom...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)