Cross-site Scripting Vulnerability in ELEX WooCommerce Dynamic Pricing and Discounts
CVE-2024-31255
7.1 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 7 April 2024
Summary
A Cross-site Scripting (XSS) vulnerability exists in the ELEX WooCommerce Dynamic Pricing and Discounts plugin: input is insufficiently validated during web page generation, allowing attackers to inject malicious scripts. This flaw affects versions prior to 2.1.2 and permits reflected XSS attacks, which can potentially lead to user data exposure. Applying effective input sanitization and updating the software to the latest version are critical steps for maintaining web application security.
Affected Version(s)
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)