CVE-2024-11943
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11943 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin "워드프레스 결제 심플페이 – 우커머스 결제 플러그인" (WooCommerce Simple Pay for WooCommerce) in versions up to 5.2.2. The issue arises because the plugin builds URLs with add_query_arg and outputs them without escaping, which allows unauthenticated attackers to inject malicious scripts. Successful exploitation requires tricking users into clicking malicious links, and can lead to data theft or website defacement. To mitigate this risk, update the plugin to the latest version as soon as possible.
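A heuristic source audit for the pattern named in the summary, as an added example that is not code from the plugin or from this advisory. It relies on the WordPress guidance that the return value of add_query_arg() and remove_query_arg() is not escaped and must pass through esc_url() before output; the PHP sample is constructed and the function name unescaped_query_arg_calls is hypothetical.

```python
import re

# Calls whose return value is an unescaped URL (per the WordPress docs).
SINKS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# Identifier immediately before an opening parenthesis, i.e. the callee name.
IDENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*$")
# Wrappers treated as safe for URL output.
ESCAPERS = {"esc_url", "esc_url_raw"}


def unescaped_query_arg_calls(php_source):
    """Return (line, function) for each sink call not nested inside an escaper.

    Heuristic only: parentheses inside PHP string literals are not parsed,
    and a value escaped later (after assignment) is still reported, so every
    hit is a candidate for manual review, not a confirmed flaw.
    """
    sink_starts = {m.start(): m.group(1) for m in SINKS.finditer(php_source)}
    findings, stack = [], []  # stack holds the names of enclosing calls
    for pos, ch in enumerate(php_source):
        if pos in sink_starts and not ESCAPERS.intersection(stack):
            line = php_source.count("\n", 0, pos) + 1
            findings.append((line, sink_starts[pos]))
        if ch == "(":
            m = IDENT.search(php_source[max(0, pos - 80):pos])
            stack.append(m.group(1) if m else "")
        elif ch == ")" and stack:
            stack.pop()
    return findings


# Constructed sample, not the plugin's code.
SAMPLE = """<?php
// constructed sample for the audit
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'logs' ) ) . '">Logs</a>';
$next = remove_query_arg( 'paged' );
printf( '<form action="%s">', esc_url( remove_query_arg( 'msg' ) ) );
"""

if __name__ == "__main__":
    for line, func in unescaped_query_arg_calls(SAMPLE):
        print(f"line {line}: {func}() result is not wrapped in esc_url()")
```

Lines 3 and 5 of the sample are reported; the calls on lines 4 and 6 are nested inside esc_url() and pass.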