CVE-2024-12438
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12438 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WooCommerce Digital Content Delivery plugin (FlickRocket) for WordPress, affecting versions up to 4.74. The issue arises from insufficient input sanitization and output escaping on the 'start_date' and 'end_date' parameters. An attacker can inject arbitrary web scripts that execute when a user performs an action such as clicking a specially crafted link, putting unauthenticated users at risk.