CVE-2024-53714
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-53714 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Arrow Design's Continue Shopping From Cart feature. It permits an attacker to execute Stored Cross-Site Scripting (XSS) attacks against unsuspecting users. Arrow Design Continue Shopping From Cart is affected from version n/a up to 1.3, potentially exposing users to malicious scripts when they access the application. The CSRF attack can force users to perform unintended actions on the site, while the Stored XSS can lead to long-term persistent attacks. An attacker can exploit this vulnerability by tricking a user into clicking a specially crafted link or submitting a crafted form, which compromises the user's session and injects malicious scripts into the site that can remain active even after the user logs out.
Affected Vendors
- WordPress