Reflected XSS Vulnerability in FriendStore for WooCommerce
CVE-2024-51784
7.1 HIGH
Key Information:
- Vendor: Vietfriend Team
- Status
- Friendstore For WooCommerce
- Vendor
- CVE Published: 9 November 2024
Summary
An improper neutralization of input during web page generation leads to a reflected cross-site scripting (XSS) vulnerability in the FriendStore for WooCommerce plugin. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and facilitating further attacks. The vulnerability affects the FriendStore for WooCommerce plugin version 1.4.2 and earlier, making it critical for users to apply necessary updates to protect their online stores.
Affected Version(s)
FriendStore for WooCommerce <= 1.4.2
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)