CVE-2024-43127
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-43127 is a Cross-site Scripting (XSS) vulnerability affecting WPFactory's Products, Order & Customizers Export for WooCommerce. The flaw, which allows Reflected XSS attacks, lies in the way user inputs are handled during web page generation. This issue can be exploited by attackers to inject malicious scripts into a victim's web browser, potentially leading to data theft, session hijacking or other malicious activities. The vulnerability impacts all versions of the plugin from the initial release through 2.0.11. Users are advised to update to the latest, secure version as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.