Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2024-9384

6.1 MEDIUM

Key Information:

Vendor
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
Status
Quantity Dynamic Pricing & Bulk Discounts For WooCommerce
CVE Published:
4 October 2024

Summary

The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting because it uses the add_query_arg function without sufficiently escaping the resulting URL. This allows unauthenticated attackers to inject arbitrary scripts into web pages; the scripts execute when a user interacts with a crafted link. Users of the plugin should update it to ensure they are not exposed.
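An added audit sketch, not code from the plugin or from this advisory: it flags PHP lines where the output of add_query_arg() is not wrapped in esc_url() or esc_url_raw(). It goes beyond the text by also covering remove_query_arg(), which builds on the current request URL in the same way; the sample PHP and the helper names find_unescaped and enclosing_calls are constructed for illustration.

```python
import re

# Calls that build a URL from the current request when no base URL is passed.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
IDENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*$")
# Assumption: only these two wrappers count as escaping; anything else is reviewed by hand.
ESCAPERS = {"esc_url", "esc_url_raw"}

# Constructed sample input, not code from the affected plugin.
SAMPLE_PHP = r'''<?php
// Constructed sample for the audit below.
echo '<a href="' . add_query_arg( 'tab', 'rules' ) . '">Rules</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'rules' ) ) . '">Rules</a>';
printf( '<form action="%s">', remove_query_arg( 'paged' ) );
printf( '<form action="%s">', esc_url( remove_query_arg( array( 'paged' ) ) ) );
'''

def enclosing_calls(src, pos):
    """Names of the calls whose argument list contains offset pos (same statement only)."""
    names, depth = [], 0
    for i in range(pos - 1, -1, -1):
        ch = src[i]
        if ch in ";{}" and depth == 0:
            break                      # statement boundary: stop looking outward
        if ch == ")":
            depth += 1                 # a sibling call that closed before pos
        elif ch == "(":
            if depth:
                depth -= 1
            else:                      # an unclosed "(" encloses pos
                m = IDENT.search(src, 0, i)
                if m:
                    names.append(m.group(1))
    return names

def find_unescaped(src):
    """Return (line, function) for each call not nested inside an escaping wrapper."""
    hits = []
    for m in CALL.finditer(src):
        if not ESCAPERS & set(enclosing_calls(src, m.start())):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE_PHP):
        print(f"line {line}: {func}() output is not passed through esc_url()")
```

The scan is a heuristic: it does not follow values assigned to variables and escaped later, and parentheses inside string literals can mislead it, so each hit is a candidate for manual review rather than a confirmed finding.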

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published