CVE-2024-11329
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11329 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Comfino Payment Gateway plugin for WordPress. This issue arises due to the improper use of add_query_arg and remove_query_arg functions, which do not employ adequate escaping when handling URLs. Consequently, unauthenticated attackers can inject malicious scripts into web pages. Exploitation of this vulnerability requires users to be tricked into performing specific actions, such as clicking on a malicious link. Versions 4.1.1 and below of the plugin are affected by this issue.
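A static check for the pattern described above, as an added example that is not part of the advisory or the plugin's code: it flags add_query_arg() and remove_query_arg() calls whose result is not passed through the WordPress core escapers esc_url() or esc_url_raw(). The PHP sample is constructed, and the statement-level scan is a heuristic that assumes no parentheses, braces or semicolons inside string literals.

```python
import re
# URL builders named in the advisory; WordPress core escapers for their output.
BUILDERS = re.compile(r'\b(add_query_arg|remove_query_arg)\s*\(')
ESCAPERS = {'esc_url', 'esc_url_raw'}

def enclosing_calls(src, pos):
    """Names of calls whose '(' is still open at pos, scanning back to the statement start."""
    names, depth, i = [], 0, pos - 1
    while i >= 0 and src[i] not in ';{}':
        if src[i] == ')':
            depth += 1
        elif src[i] == '(':
            if depth:
                depth -= 1
            else:
                m = re.search(r'(\w+)\s*$', src[:i])
                names.append(m.group(1) if m else '')
        i -= 1
    return names

def is_escaped(src, pos):
    return any(n in ESCAPERS for n in enclosing_calls(src, pos))

def find_unescaped(src):
    """Return (line, function) for builder calls whose result is not escaped."""
    findings = []
    for m in BUILDERS.finditer(src):
        if is_escaped(src, m.start()):
            continue
        # Result stored in a variable: accept only if every later use is escaped.
        assign = re.search(r'(\$\w+)\s*=\s*$', src[:m.start()])
        if assign:
            uses = [m.end() + u.start() for u in
                    re.finditer(re.escape(assign.group(1)) + r'\b', src[m.end():])]
            if uses and all(is_escaped(src, p) for p in uses):
                continue
        findings.append((src.count('\n', 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed sample plugin code (not taken from the Comfino plugin).
SAMPLE = r"""<?php
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$back = remove_query_arg( 'notice' );
echo '<a href="' . esc_url( $back ) . '">Back</a>';
$next = add_query_arg( 'page', 2 );
echo '<a href="' . $next . '">Next</a>';
"""
print(find_unescaped(SAMPLE))
```

Lines 2 and 6 of the sample are reported; the calls on lines 3 and 4 pass because their output reaches the page only through esc_url().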
Affected Products
- Payment Gateway Plugin
Affected Vendors
- Comfino