Reflected XSS Vulnerability in Persian Woocommerce SMS
CVE-2024-54312

7.1 HIGH

Key Information:

Vendor: WordPress

CVE Published: 13 December 2024

What is CVE-2024-54312?

The Persian Woocommerce SMS plugin does not properly neutralize user input during web page generation, which allows reflected Cross-Site Scripting (XSS): an attacker can inject malicious scripts into web pages that are viewed by users. The vulnerability affects versions of the plugin up to and including 7.0.5 and puts user data and website integrity at risk. Users of the plugin should apply the necessary security patches immediately and follow best practices to mitigate potential exploitation.

Affected Version(s)

Persian Woocommerce SMS <= 7.0.5

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

minhtuanact (Patchstack Alliance)