CVE-2024-11331
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11331 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the استخراج محصولات ووکامرس (Product Exporter and WooCommerce) plugin for WordPress. The issue arises from the improper usage of add_query_arg and remove_query_arg functions without adequate escaping, present in all versions up to 2.1.3. This vulnerability enables unauthenticated attackers to inject malicious web scripts into pages, which can be executed when users are tricked into performing an action, such as clicking on a specially crafted link. Successful exploitation of this vulnerability may result in unauthorized access, data theft, or other malicious activities. Users are strongly advised to update to the latest version of the plugin or consider alternative solutions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.