CVE-2024-9178

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 79

Summary

CVE-2024-9178 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the XT Floating Cart plugin for WooCommerce, used in WordPress sites. Versions up to 2.8.2 are vulnerable, leaving Author-level users and above at risk. The issue stems from insufficient input sanitization and output escaping, enabling attackers to inject malicious web scripts into SVG files. These scripts will execute whenever a user views the infected file, potentially leading to unintended actions or data exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share