Cross-Site Scripting Vulnerability in WPWeb WooCommerce PDF Vouchers
CVE-2024-56265
7.1 HIGH
Key Information:
- Vendor: WPweb
- Product: WooCommerce PDF Vouchers
- CVE Published: 31 December 2024
Summary
A reflected cross-site scripting (XSS) vulnerability exists in WPWeb's WooCommerce PDF Vouchers, caused by improper neutralization of user input during web page generation. An attacker can exploit it to have unauthorized script execute within the user's browser. Versions prior to 4.9.9 are affected and should be patched immediately.
Affected Version(s)
WooCommerce PDF Vouchers < 4.9.9
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Bonds (Patchstack Alliance)