CVE-2024-9345

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9345 is a Reflected Cross-Site Scripting vulnerability in the Product Delivery Date for WooCommerce – Lite plugin for WordPress, affecting all versions up to and including 2.7.3. The cause is improper escaping of URLs. Unauthenticated attackers can inject malicious web scripts into pages, potentially compromising user interactions if users are tricked into clicking on links when notices are present. To remediate this issue, update the plugin to version 2.7.4 or higher, where the vulnerability has been addressed. Exploitation could have a medium-severity impact on an organization's integrity and confidentiality, although it requires user interaction to succeed. Organizations using affected versions of this plugin should prioritize the update.
