Reflected Cross-Site Scripting in SKU Generator for WooCommerce Plugin
CVE-2024-9212

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Sku Generator For WooCommerce
Vendor
CVE Published:
1 March 2025

What is CVE-2024-9212?

The SKU Generator for WooCommerce plugin exposes users to reflected cross-site scripting due to insufficient escaping of user-supplied input in URLs. All versions up to and including 1.6.2 are affected. An unauthenticated attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a user, causes the execution of arbitrary web scripts in their browser. This can lead to serious security implications, including session hijacking, data theft, and website defacement.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SKU Generator for WooCommerce * <= 1.6.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/sku-for-woocom...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.