CVE-2024-11361

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 23, 2024
CWE ID 79

Summary

CVE-2024-11361 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the PDF Invoices & Packing Slips Generator plugin for WordPress. Versions up to and including 2.2.1 are impacted by the flaw. The issue arises due to the incorrect use of add_query_arg without proper escaping in URLs, allowing unauthenticated attackers to inject malicious web scripts. Successful exploitation occurs when users are coerced into performing specific actions, such as clicking on a crafted link, resulting in the execution of the attacker's code on the affected website.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share