CVE-2024-10837
SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
| CWE | CWE-79 |
| Vendor | phppoet |
| Product | sysbasics customize my account for woocommerce |
| Published | Nov 9, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for phppoet sysbasics customize my account for woocommerce
Be the first to know when new medium vulnerabilities affecting phppoet sysbasics customize my account for woocommerce are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
phppoet / SysBasics Customize My Account for WooCommerce
0 β€ 2.7.29
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/0ced1c79-97fe-4841-9a02-ffb9f336212a?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customize-my-account-for-woocommerce/tags/2.7.19/phppoet-checkout-fields/include/admin/pcfme_admin_settings.php#L840 wordpress.org: https://wordpress.org/plugins/customize-my-account-for-woocommerce/#developers plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3183607/
Credits
vgo0