Reflected Cross-Site Scripting in SKU Generator for WooCommerce Plugin
CVE-2024-9212

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 1 March 2025

What is CVE-2024-9212?

The SKU Generator for WooCommerce plugin exposes users to reflected cross-site scripting due to insufficient escaping of user-supplied input in URLs. All versions up to and including 1.6.2 are affected. An unauthenticated attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a user, causes the execution of arbitrary web scripts in their browser. This can lead to serious security implications, including session hijacking, data theft, and website defacement.

Affected Version(s)

SKU Generator for WooCommerce * <= 1.6.2

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers