CVE-2024-12214

Summary

CVE-2024-12214 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WooCommerce HSS Extension for Streaming Video plugin for WordPress. Versions up to 3.31 are impacted by this issue. The vulnerability arises due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. They can do this by manipulating the ‘videolink’ parameter and tricking a user into performing an action, such as clicking on a malicious link. The successful exploitation of this vulnerability may result in hijacking user sessions, stealing sensitive data, or even taking complete control of the affected website.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.