CVE-2024-10046

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 7, 2024
CWE ID 79

Summary

CVE-2024-10046: The Persian WooCommerce SMS plugin for WordPress, in versions up to and including 7.0.5, contains a Reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from the use of 'remove_query_arg' without appropriate escaping on the resulting URL. An attacker can exploit this weakness by injecting malicious web scripts, potentially gaining unauthorized access to user information or performing actions on the user's behalf, as soon as a targeted user clicks a manipulated link.
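
A review aid for this class of bug, added here as an example and not taken from the plugin or the advisory: a Python check that flags `remove_query_arg` / `add_query_arg` calls in PHP source that are not wrapped in `esc_url()` or `esc_url_raw()`. The PHP sample lines and the parameter names `sms_notice` and `tab` are constructed; treating only those two wrappers as adequate is an assumption of this check.

```python
import re

# WordPress helpers that fall back to the current request URI when no URL is
# passed, so their return value can carry attacker-controlled query text.
URL_HELPER = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# Wrappers treated as adequate URL escaping (assumption of this check).
URL_ESCAPERS = {"esc_url", "esc_url_raw"}


def enclosing_calls(line, pos):
    """Return names of the calls whose argument list contains index pos."""
    names, depth = [], 0
    for i in range(pos - 1, -1, -1):
        if line[i] == ")":
            depth += 1
        elif line[i] == "(":
            if depth:
                depth -= 1  # closes a sibling call, not an enclosing one
            else:
                m = re.search(r"([A-Za-z_]\w*)\s*$", line[:i])
                if m:
                    names.append(m.group(1))
    return names


def find_unescaped(php_source):
    """List (line_number, helper) for helper calls not wrapped in an escaper."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for m in URL_HELPER.finditer(line):
            if not URL_ESCAPERS & set(enclosing_calls(line, m.start())):
                findings.append((lineno, m.group(1)))
    return findings


# Constructed sample; 'sms_notice' and 'tab' are hypothetical parameter names.
SAMPLE_PHP = """\
<a href="<?php echo remove_query_arg( 'sms_notice' ); ?>">Dismiss</a>
<a href="<?php echo esc_url( remove_query_arg( 'sms_notice' ) ); ?>">Dismiss</a>
<form action="<?php echo add_query_arg( 'tab', 'log' ); ?>" method="post">
wp_safe_redirect( esc_url_raw( add_query_arg( 'tab', 'log' ) ) );
"""

if __name__ == "__main__":
    for lineno, helper in find_unescaped(SAMPLE_PHP):
        print(f"line {lineno}: {helper}() result is not passed through esc_url()")
```

The check works line by line, so a helper result stored in a variable and escaped on a later line is still reported and needs manual review.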
