Check Pincode For Woocommerce Vulnerable to Reflected XSS
CVE-2024-54333

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 13 December 2024

What is CVE-2024-54333?

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Check Pincode For Woocommerce plugin developed by SilverPlugins. This vulnerability arises from improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into the web pages viewed by users. The exploitation of this issue can lead to a range of security concerns, including unauthorized actions being performed on behalf of the user, data theft, and compromised user sessions. Effective strategies for mitigation should be implemented to protect users from potential threats associated with this vulnerability.

Affected Version(s)

Check Pincode For Woocommerce <= 1.1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)