CVE-2024-8724
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8724 is a Reflected Cross-Site Scripting vulnerability in the Waitlist Woocommerce (Back in stock notifier) plugin for WordPress. It affects all versions up to and including 2.7.5 and is caused by improper handling of URL parameters. An unauthenticated attacker can inject malicious scripts into web pages, but exploitation requires user interaction. Organizations using this plugin should remediate the issue by updating to the latest version or by implementing appropriate input validation and escaping mechanisms. The vulnerability is rated medium severity, with an exploitability score of 2.8, reflecting low attack complexity combined with the need for user interaction. Without mitigation, it puts the integrity and confidentiality of user data in affected systems at risk.
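A way to check an installed copy against the affected range stated above, as an added example that is not code from the plugin or from this advisory: it reads the `Version` field from the standard WordPress plugin header and compares it numerically with 2.7.5. The sample header is constructed, and a result of `False` only means the version lies outside the range given here.

```python
import re
from itertools import zip_longest

# Last affected release per the summary ("up to and including 2.7.5").
LAST_AFFECTED = "2.7.5"
# WordPress reads plugin metadata from the first 8 KiB of the main plugin file.
HEADER_BYTES = 8192
_FIELD = r"^[ \t/*#@]*{name}:[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$"

# Constructed sample of a main plugin file header (not the real plugin's file).
SAMPLE = """<?php
/**
 * Plugin Name: Example Waitlist Plugin (constructed sample)
 * Version: 2.7.5
 */
"""


def header_field(php_source, name):
    """Return one plugin header field (e.g. 'Version'), or None if absent."""
    pattern = _FIELD.format(name=re.escape(name))
    match = re.search(pattern, php_source[:HEADER_BYTES], re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def version_key(version):
    """Turn '2.7.10' into (2, 7, 10); a suffix such as '-beta1' is dropped."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    return tuple(int(n) for n in match.group(1).split(".")) if match else ()


def compare(a, b):
    """Return -1, 0 or 1, padding the shorter version with zeros."""
    for x, y in zip_longest(version_key(a), version_key(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def is_affected(php_source):
    """True or False for a readable Version header, None when it is missing."""
    version = header_field(php_source, "Version")
    if version is None or not version_key(version):
        return None
    return compare(version, LAST_AFFECTED) <= 0
```

A `None` result means the header could not be read and the version should be confirmed by other means before treating the site as unaffected.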