CVE-2024-52484
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Dec 2, 2024
CWE ID 79
Summary
CVE-2024-52484 is a Cross-site Scripting (XSS) vulnerability affecting WooCommerce's "Recently viewed products" module. The flaw, which allows reflected XSS attacks, stems from improper input neutralization during web page generation. This vulnerability, present in versions from n/a through 1.0.1, can pose a significant risk if exploited, potentially leading to unauthorized user actions or data theft. Users are advised to upgrade to a patched version to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share