CVE-2024-51708

Summary

CVE-2024-51708 is a newly identified Cross-site Scripting (XSS) vulnerability that affects the Narnoo Commerce Manager for Wordpress. The weakness lies in the improper neutralization of user input during web page generation, making it possible for attackers to inject malicious scripts into the platform. This issue puts all Narnoo Commerce Manager versions from n/a through 1.6.0 at risk, potentially allowing unauthorized access or data theft. Attackers can exploit this vulnerability by tricking users into clicking a specially crafted link or visiting a compromised website, leading to the execution of malicious scripts in the user's browser. Users are advised to update their Narnoo Commerce Manager instances immediately to mitigate the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.