Reflected XSS Vulnerability in Persian Woocommerce SMS
CVE-2024-54312

7.1HIGH

Key Information:

Vendor: WordPress
Status: Persian WooCommerce Sms
Vendor: CVE Published:; 13 December 2024

What is CVE-2024-54312?

The Persian Woocommerce SMS plugin experiences an issue due to improper neutralization of user input during web page generation. This vulnerability enables reflected Cross-Site Scripting (XSS), where an attacker can inject malicious scripts into web pages that are viewed by users. The vulnerability affects various versions of the plugin, culminating in version 7.0.5, thereby compromising user data and website integrity. Users of the plugin should take immediate action to apply necessary security patches and follow best practices to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Persian Woocommerce SMS <= 7.0.5

References

https://patchstack.com/database/wordpress/plugin/persian-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

minhtuanact (Patchstack Alliance)

JSON

WordPress