Overview
- Description
- The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
CVE-2024-10168 (Published: 2024-11-06) - A medium severity vulnerability affects Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/5SWx9fbtgf #WordPress #Security
@transilienceai
7 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10168 (Published: 2024-11-06) - A medium severity vulnerability has been identified in Wordfence. Affects multiple versions. Ensure your site is secure by updating to the latest version and applying all recommended patches. Stay protected! More info:… https://t.co/gx4
@transilienceai
7 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10168 (Published: 2024-11-06) - A medium severity vulnerability affects Wordfence. Ensure your installations are updated to the latest versions to mitigate risks. For detailed remediation steps, check out the full report here: https://t.co/5SWx9fbtgf #CyberSecurity
@transilienceai
7 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10168 (Published: 2024-11-06) - A high-severity vulnerability in RealMag777 affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset here: https://t.co/eYRW0RWnrH #CyberSecurity… ht
@transilienceai
7 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10168 Stored XSS Vulnerability in WooCommerce Tables Plugin for WordPress The Active Products Tables for WooCommerce plugin for WordPress has a Stored Cross-Site Scripting flaw. This issue occurs in the ... https://t.co/fFKgaBLCxC
@VulmonFeeds
6 Nov 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10168 The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_b… https://t.co/s3YHtD40on
@CVEnew
6 Nov 2024
661 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "D2B28CF8-C4B8-4710-A379-03877973FD14",
"versionEndExcluding": "1.0.6.5"
}
],
"operator": "OR"
}
]
}
]