Reflected XSS Vulnerability in Tax Rate Upload
CVE-2024-32546
7.1 HIGH
Summary
A reflected Cross-site Scripting (XSS) vulnerability exists in the Tax Rate Upload plugin by Adam Bowen, allowing attackers to inject malicious scripts into web pages. The issue arises during web page generation, where input is not properly sanitized. Users of the affected versions of Tax Rate Upload, up to and including version 2.4.5, may be exposed to phishing attacks and other malicious activities through reflected XSS. Users should be aware of this vulnerability and take appropriate measures to safeguard their applications.
Affected Version(s)
Tax Rate Upload <= 2.4.5
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dimas Maulana (Patchstack Alliance)