CVE-2024-12438
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12438 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WooCommerce Digital Content Delivery plugin, specifically the FlickRocket component, for WordPress. Versions up to and including 4.74 are impacted. This issue arises due to insufficient input sanitization and output escaping on the 'start_date' and 'end_date' parameters, enabling unauthenticated attackers to inject arbitrary web scripts. Successful exploitation occurs when a user is tricked into executing an action, such as clicking on a malicious link, thereby allowing the attacker to inject malicious code and potentially take control of the user's session or steal sensitive information.
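The two controls the summary names as missing, input validation and output escaping, can be sketched for date parameters like `start_date` and `end_date` as follows. This is an added example, not the plugin's code: the function names and sample requests are hypothetical, and plain PHP's `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the snippet runs without WordPress.

```php
<?php
// Added illustration; parse_report_date() and render_date_input() are hypothetical names.

/**
 * Accept only a real calendar date in YYYY-MM-DD form; anything else becomes null.
 */
function parse_report_date(?string $raw): ?string
{
    if ($raw === null || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip rejects values such as 2024-02-31 that PHP would roll over.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/**
 * Render one date input. The value is escaped at output even though it was
 * validated, so a later change to the validation cannot reopen the hole.
 */
function render_date_input(string $name, ?string $value): string
{
    // $name comes from the fixed list below, never from the request.
    // Inside WordPress, esc_attr() is the usual call for attribute context.
    $safe = htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<input type="date" name="%s" value="%s">', $name, $safe);
}

// Constructed sample requests; harmless markup stands in for injected content.
$samples = [
    ['start_date' => '2024-01-01', 'end_date' => '2024-01-31'],
    ['start_date' => '2024-02-31', 'end_date' => '<b>not a date</b>'],
    ['end_date' => ['array', 'instead', 'of', 'string']],
];

foreach ($samples as $query) {
    foreach (['start_date', 'end_date'] as $field) {
        $raw = $query[$field] ?? null;
        // Non-string input (for example end_date[]=x) is treated as absent.
        $value = parse_report_date(is_string($raw) ? $raw : null);
        echo render_date_input($field, $value), "\n";
    }
}
```

Only the first sample yields populated fields; every other value is rendered as an empty attribute, so nothing from the request reaches the page unvalidated or unescaped.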