Cross-Site Scripting Vulnerability in WPWeb WooCommerce PDF Vouchers
CVE-2024-56265

7.1HIGH

Key Information:

Vendor

WordPress
Status
WooCommerce PDF Vouchers
Vendor
CVE Published:
31 December 2024

What is CVE-2024-56265?

A cross-site scripting (XSS) vulnerability exists in WPWeb's WooCommerce PDF Vouchers, primarily stemming from improper neutralization of user input during the generation of web pages. This vulnerability enables an attacker to exploit reflected XSS, potentially leading to unauthorized script execution within the user's browser. Affected versions include those prior to 4.9.9, necessitating immediate patching to protect against potential exploitation by malicious actors.

Affected Version(s)

WooCommerce PDF Vouchers < 4.9.9

References

https://patchstack.com/database/wordpress/plugin/woocomme...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.