Reflected XSS Vulnerability in WooCommerce Report
CVE-2024-38683

7.1HIGH

Key Information:

Vendor
WordPress
Vendor
CVE Published:
20 July 2024

Summary

The vulnerability presents a risk of Reflected Cross-Site Scripting (XSS) in the WooCommerce Report plugin developed by iThemelandCo. This flaw enables an attacker to inject malicious scripts into web pages viewed by users. When users interact with affected versions of the plugin, their browsers could inadvertently execute these scripts, potentially leading to data theft, session hijacking, and further exploitation of the web application. Users of impacted versions are urged to apply patches to mitigate the risks associated with this vulnerability and protect sensitive information.

Affected Version(s)

WooCommerce Report <= 1.4.5

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)
.