CVE-2024-9239

Summary

CVE-2024-9239 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Booster for WooCommerce plugin for WordPress. The flaw, present in all versions up to and including 7.2.3, arises due to the inadequate escaping of URLs when using add_query_arg and remove_query_arg functions. This weakness enables unauthenticated attackers to inject malicious web scripts into pages. Successful exploitation of this vulnerability requires users to execute a specially crafted link, potentially leading to privacy violations, data theft, or other malicious activities. Users are advised to upgrade their plugin to the latest available version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.