Cross-site Scripting (XSS) Vulnerability in Staggs Product Configurator for WooCommerce
CVE-2024-54342

7.1HIGH

Key Information:

Vendor: WordPress
Status: Staggs Product Configurator For WooCommerce
Vendor: CVE Published:; 13 December 2024

What is CVE-2024-54342?

The vulnerability in the Staggs Product Configurator for WooCommerce pertains to improper neutralization of input during the generation of web pages, leading to a reflected Cross-Site Scripting (XSS) issue. Attackers can exploit this flaw to inject and execute arbitrary JavaScript code within user browsers when they interact with the compromised web application. This can lead to various impacts, including data theft and session hijacking, making it crucial for users to update their plugins and safeguard their WooCommerce implementations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Staggs Product Configurator for WooCommerce <= 2.0.0

References

https://patchstack.com/database/wordpress/plugin/staggs/v...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)

JSON

WordPress