WordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerability
CVE-2024-53714

7.1HIGH

Key Information:

Vendor: WordPress
Status: Continue Shopping From Cart
Vendor: CVE Published:; 2 December 2024

What is CVE-2024-53714?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Arrow Design's Continue Shopping From Cart plugin, allowing attackers to exploit the application and perform unauthorized actions on behalf of users. This vulnerability can lead to Stored Cross-Site Scripting (XSS), which could compromise user data and threaten the overall security of affected websites. The vulnerability impacts all versions from n/a to 1.3, emphasizing the need for immediate attention and remediation strategies by site administrators relying on this plugin.

Affected Version(s)

Continue Shopping From Cart 0 <= 1.3

References

https://patchstack.com/database/Wordpress/Plugin/continue...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

SOPROBRO (Patchstack Alliance)

CVE-2024-53714 Data

JSON