Reflected XSS Vulnerability in WooCommerce Report
CVE-2024-38683
7.1HIGH
Summary
The vulnerability presents a risk of Reflected Cross-Site Scripting (XSS) in the WooCommerce Report plugin developed by iThemelandCo. This flaw enables an attacker to inject malicious scripts into web pages viewed by users. When users interact with affected versions of the plugin, their browsers could inadvertently execute these scripts, potentially leading to data theft, session hijacking, and further exploitation of the web application. Users of impacted versions are urged to apply patches to mitigate the risks associated with this vulnerability and protect sensitive information.
Affected Version(s)
WooCommerce Report <= 1.4.5
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)