CVE-2024-10046
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Dec 7, 2024
CWE ID 79
Summary
CVE-2024-10046: The Persian WooCommerce SMS plugin for WordPress, in versions up to and including 7.0.5, contains a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises because the plugin uses 'remove_query_arg' without sufficiently escaping the resulting URL. An attacker can exploit this weakness by injecting malicious web scripts, potentially gaining unauthorized access to user information or performing actions on the user's behalf, once a targeted user clicks a manipulated link.
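For auditing plugin or theme code for the pattern described in the summary, the following added example (not code from the plugin or from this advisory) flags PHP output statements that print the result of remove_query_arg() without an escaping wrapper such as esc_url(). It goes slightly beyond the summary by also covering the sibling add_query_arg(), which returns an unescaped URL in the same way. The PHP sample, the 'sms_notice' parameter and all function names in the script are constructed for illustration, and the check is a line-based heuristic that does not follow values assigned to variables.

```python
import re

# Heuristic audit: flag output statements that print the result of
# remove_query_arg()/add_query_arg() without an escaping wrapper.
CALL = re.compile(r"\b(remove_query_arg|add_query_arg)\s*\(")
OUTPUT = re.compile(r"<\?=|\b(?:echo|print|printf)\b")
# Output-escaping wrappers accepted here; esc_url() is the one meant for URLs.
ESCAPERS = {"esc_url", "esc_attr", "esc_html"}

def enclosing_functions(stmt, pos):
    """Names of the calls whose parentheses enclose stmt[pos]."""
    names, depth = [], 0
    for i in range(pos - 1, -1, -1):
        if stmt[i] == ")":
            depth += 1
        elif stmt[i] == "(":
            if depth:
                depth -= 1  # closes a sibling group, not an encloser
            else:
                m = re.search(r"([A-Za-z_]\w*)\s*$", stmt[:i])
                if m:
                    names.append(m.group(1))
    return names

def find_unescaped(php_source):
    """Return (line_number, function) for each unescaped call in output."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if not OUTPUT.search(line):
            continue  # limitation: assignments echoed later are not traced
        for m in CALL.finditer(line):
            if not ESCAPERS & set(enclosing_functions(line, m.start())):
                findings.append((lineno, m.group(1)))
    return findings

# Constructed PHP sample (hypothetical, not the plugin's source).
SAMPLE = """<?php
// constructed sample for the audit script
echo '<a href="' . remove_query_arg( 'sms_notice' ) . '">Dismiss</a>';
echo '<a href="' . esc_url( remove_query_arg( 'sms_notice' ) ) . '">Dismiss</a>';
printf( '<form action="%s">', add_query_arg( 'tab', 'sms' ) );
printf( '<form action="%s">', esc_url( add_query_arg( 'tab', 'sms' ) ) );
$url = remove_query_arg( 'sms_notice' );
"""

if __name__ == "__main__":
    for lineno, func in find_unescaped(SAMPLE):
        print(f"line {lineno}: {func}() reaches output without escaping")
```

Lines 3 and 5 of the sample are reported; lines 4 and 6 show the corrected form, where the URL passes through esc_url() before it is written into the page.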