Reflected XSS Vulnerability in Wc Recently viewed products
CVE-2024-52484

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wc Recently Viewed Products
Vendor: CVE Published:; 2 December 2024

Summary

A reflected cross-site scripting vulnerability exists in the Wc Recently Viewed Products plugin developed by Subhasish Manna, impacting versions up to 1.0.1. This vulnerability allows attackers to inject harmful scripts into web pages viewed by users, possibly leading to unauthorized actions and data leakage. Attackers may exploit this flaw by crafting malicious URLs that target unsuspecting users, resulting in compromised web sessions and potential unauthorized access to sensitive information.

Affected Version(s)

Wc Recently viewed products <= 1.0.1

References

https://patchstack.com/database/wordpress/plugin/wc-recen...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

Muhamad Agil Fachrian (Patchstack Alliance)