CVE-2024-8499
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Oct 4, 2024
Updated: Nov 8, 2024
CWE ID 79
Summary
CVE-2024-8499 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Checkout Field Editor (Checkout Manager) plugin for WordPress, up to and including version 2.0.3. This issue stems from insufficient input sanitization and output escaping in the ‘render_review_request_notice’ function. Consequently, unauthenticated attackers can inject arbitrary web scripts into pages, potentially leading to serious security implications. Exploitation requires users to perform a specific action, like clicking on a maliciously crafted link.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.