CVE-2024-9384
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9384 is a reflected cross-site scripting (XSS) vulnerability in the Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress, affecting all versions up to and including 3.8.0. The plugin uses the add_query_arg function without adequate escaping, so an attacker can inject malicious scripts if a user is tricked into clicking a link. To remediate, update the plugin to version 3.8.1 or later, where the issue has been addressed. The flaw can be exploited by unauthenticated attackers and leads to unauthorized web script execution and compromise of user data; the overall impact is rated medium, with low integrity and confidentiality impacts. Exploitation requires user interaction, so an attacker must first deceive a user.
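The escaping gap described above can be audited for in your own plugin and theme code. The following is an added example, not code from the plugin or from this advisory: a line-based heuristic that flags PHP output statements printing the result of add_query_arg or remove_query_arg without an enclosing esc_url or esc_url_raw call. The sample template and all function names in the script are constructed for illustration.

```python
import re

BUILDER = re.compile(r"\b(?:add|remove)_query_arg\s*\(")  # URL built from the request
SINK = re.compile(r"<\?=|\b(?:echo|print|printf)\b")      # line writes to the page
ESCAPERS = {"esc_url", "esc_url_raw"}                     # WordPress URL escapers
CALL_NAME = re.compile(r"([A-Za-z_]\w*)\s*$")             # identifier just before "("


def enclosing_calls(code, pos):
    """Names of the calls still open at offset pos (string literals are not parsed)."""
    stack = []
    for i, ch in enumerate(code[:pos]):
        if ch == "(":
            m = CALL_NAME.search(code[:i])
            stack.append(m.group(1) if m else "")
        elif ch == ")" and stack:
            stack.pop()
    return stack


def find_unescaped_query_arg(php_source):
    """Return (line_number, line) for output lines that print an unescaped builder result."""
    findings = []
    for n, line in enumerate(php_source.splitlines(), start=1):
        if not SINK.search(line):
            continue
        for m in BUILDER.finditer(line):
            if not ESCAPERS & set(enclosing_calls(line, m.start())):
                findings.append((n, line.strip()))
                break
    return findings


# Constructed sample template, not taken from the plugin.
SAMPLE = """<?php
$tab = 'rules';
?>
<a href="<?php echo add_query_arg( 'tab', $tab ); ?>">Rules</a>
<a href="<?php echo esc_url( add_query_arg( 'tab', $tab ) ); ?>">Rules</a>
<form action="<?= remove_query_arg( array( 'updated' ) ) ?>" method="post">
<?php $next = add_query_arg( 'page', 2 ); ?>
<a href="<?php echo esc_url( $next ); ?>">Next</a>
"""

if __name__ == "__main__":
    for number, text in find_unescaped_query_arg(SAMPLE):
        print(f"line {number}: {text}")
```

The scan only sees calls printed on the same line; a URL assigned to a variable and printed unescaped later needs manual review or a data-flow-aware tool.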