CVE-2024-12438

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 79

Summary

CVE-2024-12438 is a reflected cross-site scripting (XSS) vulnerability in the WooCommerce Digital Content Delivery (FlickRocket) plugin for WordPress, in versions up to 4.74. It stems from insufficient input sanitization and output escaping of the 'start_date' and 'end_date' parameters. An attacker can inject arbitrary web scripts that execute when a user performs an action such as clicking a specially crafted link, putting unauthenticated users at risk.
