CVE-2023-44144
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Oct 2, 2023
Updated: Oct 4, 2023
CWE ID 79
Summary
CVE-2023-44144 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 3.2.7 and below of the Dreamfox Payment gateway plugin for WooCommerce. An attacker can inject malicious scripts into a website using this flaw, potentially stealing user data or taking control of user sessions. Successful exploitation does not require any user authentication, increasing the risk to unsuspecting website visitors. Users are advised to upgrade to the latest version of the plugin to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share