CVE-2024-9212
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9212 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the SKU Generator plugin for WooCommerce on WordPress. Versions up to and including 1.6.2 are susceptible to this issue, which stems from the use of add_query_arg without proper escaping in URLs. An attacker can leverage this flaw to inject arbitrary web scripts into pages, potentially stealing user data or taking control of user sessions. The vulnerability poses a significant risk to unauthenticated users, who can be tricked into clicking on malicious links to execute the attacks. Plugin users are strongly urged to upgrade to the latest version as soon as possible to mitigate this threat.
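The class of bug named above, shown as an added illustration for reviewing plugin code: the unescaped add_query_arg pattern next to its corrected forms. This is not code from the SKU Generator plugin. The function names, the 'sort' parameter and the 'example-page' slug are hypothetical, and the snippet assumes it is loaded inside WordPress.

```php
<?php
/**
 * Added illustration, not the SKU Generator plugin's code.
 * All example_* names, 'sort' and 'example-page' are hypothetical.
 * Assumes a WordPress context (add_query_arg, esc_url, admin_url).
 */

// Weak pattern: called without a URL argument, add_query_arg() builds on
// $_SERVER['REQUEST_URI'], which the requester controls, and its return
// value is not escaped for HTML output.
function example_sort_link_unescaped() {
    $url = add_query_arg( 'sort', 'sku' );
    return '<a href="' . $url . '">Sort by SKU</a>';
}

// Corrected pattern: escape late, at the point of output. esc_url()
// strips or encodes characters that could break out of the href
// attribute and rejects disallowed URL schemes.
function example_sort_link_escaped() {
    $url = add_query_arg( 'sort', 'sku' );
    return '<a href="' . esc_url( $url ) . '">Sort by SKU</a>';
}

// Stricter variant: build on a fixed base URL so the incoming request
// URI is never reflected into the page at all.
function example_sort_link_fixed_base() {
    $url = add_query_arg(
        array(
            'page' => 'example-page',
            'sort' => 'sku',
        ),
        admin_url( 'admin.php' )
    );
    return '<a href="' . esc_url( $url ) . '">Sort by SKU</a>';
}

// Redirects are not HTML output, so they use esc_url_raw() instead.
function example_redirect_to_sorted_view() {
    $url = add_query_arg( 'sort', 'sku', admin_url( 'admin.php' ) );
    wp_safe_redirect( esc_url_raw( $url ) );
    exit;
}
```

The same review applies to remove_query_arg(), which also falls back to the current request URI when no URL is passed.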