CVE-2024-8499

NVD Published Date: October 04, 2024 at 01:15 PM
NVD Last Modified: October 04, 2024 at 01:50 PM
Download Patch
Vulnerability ID
CVE-2024-8499
Severity
MEDIUM
Severity Score
4.7
Summary
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID
CWE-79

Recent Publish

CVE-2024-47652

KB5043076

KB5043080

CVE-2024-47561

CVE-2024-47554

KB5043083

See More ...

See SecOps Solution
in action

Schedule Demo