CVE-2024-10519
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 23, 2024
CWE ID 79
Summary
CVE-2024-10519 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress. Versions 3.0.8 to 3.1.2 are at risk due to insufficient input sanitization and output escaping on the 'wtab' parameter. This issue enables unauthenticated attackers to inject arbitrary web scripts into affected pages if they manage to trick users into executing a malicious link. Notably, only WordPress installations using PHP versions below 7.5 are susceptible to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share