Overview
- Description
- The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10882 (Published: 2024-11-13) - A medium severity vulnerability in Wordfence affects multiple versions. To protect your site, ensure you update to the latest version and follow remediation steps outlined here: https://t.co/MtoyGr1NOU #Wordfence #CVE
@transilienceai
14 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10882 The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_a… https://t.co/oHhXJICKa2
@CVEnew
13 Nov 2024
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10882 Reflected XSS Vulnerability in WooCommerce Lite Plugin Exploited The Product Delivery Date for WooCommerce – Lite plugin for WordPress has a Reflected Cross-Site Scripting (XSS) vulnerability. The ... https://t.co/Oq6npuNsyU
@VulmonFeeds
13 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes