CVSS 3.1 Score 7.1 of 10 (high)


Published Mar 21, 2024


CVE-2024-27994 is a vulnerability classified as "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" in the YITH WooCommerce Product Add-Ons plugin. This vulnerability allows for reflected XSS attacks. Versions of YITH WooCommerce Product Add-Ons ranging from n/a to 4.5.0 are affected by this issue. The risk score is 25 according to the audit conducted by, with a base severity of HIGH and a base score of 7.1 on the CVSS scale. The exploitability score is 2.8, and user interaction is required for exploitation. The impact includes low integrity and confidentiality impact, with low availability impact as well.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-27994 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options