CVE-2024-11329

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 7, 2024
CWE ID 79

Summary

CVE-2024-11329 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Comfino Payment Gateway plugin for WordPress. The issue arises because the plugin uses the add_query_arg and remove_query_arg functions without adequate escaping of the URLs they handle. As a result, unauthenticated attackers can inject malicious scripts into web pages. Exploitation requires tricking a user into performing a specific action, such as clicking on a malicious link. Versions 4.1.1 and below of the plugin are affected.
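
A review aid for the pattern described above, as an added example that is not code from the Comfino plugin or from this advisory: a Python heuristic that flags add_query_arg/remove_query_arg calls whose result is not passed directly to WordPress's esc_url() or esc_url_raw(). The PHP sample is constructed for illustration, and the name find_unescaped_calls is an assumption.

```python
import re

# The two WordPress URL helpers named in the advisory summary.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escaping helpers that directly wrap the call, e.g. esc_url( add_query_arg(...) ).
WRAPPER = re.compile(r"\b(esc_url|esc_url_raw)\s*\(\s*$")
# Line prefixes treated as PHP comments and skipped.
COMMENT_PREFIXES = ("//", "#", "*", "/*")

# Constructed sample input (not taken from any real plugin).
SAMPLE_PHP = """<?php
// constructed sample for the audit below
$retry = add_query_arg( 'retry', '1' );
echo '<a href="' . $retry . '">Retry</a>';
echo '<a href="' . esc_url( add_query_arg( 'retry', '1' ) ) . '">Retry</a>';
echo '<a href="' . remove_query_arg( 'notice' ) . '">Dismiss</a>';
wp_safe_redirect( esc_url_raw( remove_query_arg( 'notice' ) ) );
"""


def find_unescaped_calls(php_source):
    """Return (line_number, function_name, line_text) for every call to
    add_query_arg/remove_query_arg that is not the direct argument of
    esc_url()/esc_url_raw().

    This is a line-based heuristic: a flagged call may still be escaped
    later (for example after being stored in a variable), so each finding
    is a prompt for manual review, not proof of a vulnerability.
    """
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.strip().startswith(COMMENT_PREFIXES):
            continue
        for match in CALL.finditer(line):
            # Text before the call must end with "esc_url(" or "esc_url_raw(".
            if WRAPPER.search(line[:match.start()]):
                continue
            findings.append((lineno, match.group(1), line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, func, text in find_unescaped_calls(SAMPLE_PHP):
        print(f"line {lineno}: {func} result not wrapped in esc_url(): {text}")
```
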

Affected Products

  • Payment Gateway Plugin

Affected Vendors

  • Comfino