CVE-2024-9944

Published Oct 15, 2024

Last updated a month ago

CVSS medium 6.1

Overview

Description: The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
security@wordfence.com: CWE-79

Hype score: Not currently trending

🚨 ¡Alerta de seguridad importante para los usuarios de WordPress! 🚨 Se ha identificado una vulnerabilidad en el plugin WooCommerce, afectando a todas las versiones hasta la 9.0.2. CVE-2024-9944 presenta una debilidad de inyección de HTML (CWE-79), permitiendo a atacantes no… h
@antu_tech
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:free:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DD5A62D-A515-43C5-ABF6-97E45050F01F",
            "versionEndExcluding": "9.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References