Cross-Site Scripting Vulnerability in WPFactory Wishlist for WooCommerce
CVE-2024-56228

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wishlist For WooCommerce: Multi Wishlists Per Customer
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-56228?

A Cross-Site Scripting (XSS) vulnerability exists within the WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer plugin. This flaw allows attackers to inject malicious scripts through improperly neutralized input during the generation of web pages. As a result, users interacting with affected versions from n/a up to 3.1.2 may be susceptible to reflected XSS attacks, potentially leading to unauthorized access and manipulation of user data, or the execution of scripts within the user’s browser context.

Affected Version(s)

Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.2

References

https://patchstack.com/database/wordpress/plugin/wish-lis...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)