Cross-site Scripting (XSS) Vulnerability in Staggs Product Configurator for WooCommerce
CVE-2024-54342
7.1 HIGH
Key Information:
- Vendor: Staggs
- Status
- Staggs Product Configurator For WooCommerce
- Vendor
- CVE Published: 13 December 2024
Summary
The Staggs Product Configurator for WooCommerce improperly neutralizes input during web page generation, which results in a reflected Cross-Site Scripting (XSS) issue. Attackers can exploit this flaw to inject arbitrary JavaScript that executes in users' browsers when those users interact with the affected web application. The impact can include data theft and session hijacking, so users should update the plugin and safeguard their WooCommerce implementations.
Affected Version(s)
Staggs Product Configurator for WooCommerce <= 2.0.0
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)