CVE-2024-11370
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11370 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Subaccounts plugin for WooCommerce on WordPress. The issue lies in the use of add_query_arg function without proper escaping in URLs, present in all versions up to 1.6.0. This flaw allows unauthenticated attackers to inject malicious scripts into web pages by tricking users into clicking on specially crafted links. Successful exploitation can lead to unintended execution of arbitrary code and potential data theft. Upgrading to the latest version of the plugin or applying a patch is recommended to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.