CVE-2024-54303
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Dec 13, 2024
CWE ID 79
Summary
CVE-2024-54303 represents a Cross-site Scripting (XSS) vulnerability in the Simple Payment plugin developed by Ido Kobelkowsky. The flaw, named Reflected XSS, is located in the web page generation process of the plugin. It allows an attacker to inject malicious scripts into a web page viewed by other users, potentially leading to information theft or session hijacking. The vulnerability affects Simple Payment versions from n/a to 2.3.7. Users are strongly encouraged to update their plugin to a patched version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share