Cross-Site Scripting Vulnerability in WPWeb WooCommerce PDF Vouchers
CVE-2024-56265
7.1HIGH
What is CVE-2024-56265?
A cross-site scripting (XSS) vulnerability exists in WPWeb's WooCommerce PDF Vouchers, primarily stemming from improper neutralization of user input during the generation of web pages. This vulnerability enables an attacker to exploit reflected XSS, potentially leading to unauthorized script execution within the user's browser. Affected versions include those prior to 4.9.9, necessitating immediate patching to protect against potential exploitation by malicious actors.
Affected Version(s)
WooCommerce PDF Vouchers < 4.9.9