CVE-2024-29926

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 27, 2024

CWE ID 79

Summary

CVE-2024-29926 is a Cross-site Scripting (XSS) vulnerability affecting HasThemes WC Builder. The flaw, which allows Stored XSS, occurs during the generation of web pages in the plugin. Attackers can exploit this vulnerability by injecting malicious scripts into the affected website, potentially stealing user data or taking control of user sessions. This issue affects WC Builder versions from n/a through 1.0.18. Users are strongly advised to update to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vDQ1qa
https://www.cve.org/CVERecord?id=CVE-2024-29926
https://nvd.nist.gov/vuln/detail/CVE-2024-29926

Back to Vulnerability Database

CVE-2024-29926

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations