๐Ÿ” CVE Alert

CVE-2024-10519

MEDIUM 6.1

Wishlist for WooCommerce: Multi Wishlists Per Customer PRO 3.0.8 - 3.1.2 - Reflected Cross-Site Scripting via wtab Parameter

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note: Only WordPress installations with versions of PHP <=7.4 are affected by this vulnerability.

CWE CWE-79
Vendor karzin
Product wishlist for woocommerce: multi wishlists per customer pro
Published Nov 23, 2024
Last Updated Nov 23, 2024
Stay Ahead of the Next One

Get instant alerts for karzin wishlist for woocommerce: multi wishlists per customer pro

Be the first to know when new medium vulnerabilities affecting karzin wishlist for woocommerce: multi wishlists per customer pro are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

karzin / Wishlist for WooCommerce: Multi Wishlists Per Customer PRO
3.0.8 3.0.9 3.1.0 3.1.1 3.1.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/eb14896f-7f0e-4168-8a2d-309bbaddbedc?source=cve github.com: https://github.com/wpcodefactory/wish-list-for-woocommerce/blame/master/templates/wish-list.php#L214 github.com: https://github.com/wpcodefactory/wish-list-for-woocommerce/blob/fafa2319a8907d3260a89a2a6b4fa9ea6602c7db/templates/wish-list.php#L94 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wish-list-for-woocommerce/trunk/templates/wish-list.php#L215 wordpress.org: https://wordpress.org/plugins/wish-list-for-woocommerce/#developers plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3189775/

Credits

Kenneth Dunn