CVE-2024-9944

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9944 is an HTML injection vulnerability in the WooCommerce plugin for WordPress, affecting all versions up to and including 9.0.2. The plugin improperly handles HTML elements from order form submissions, so an unauthenticated attacker can inject arbitrary HTML that could be rendered when an administrator reviews those submissions. The flaw poses a moderate risk: its impact is limited to low integrity, and exploitation requires neither user interaction nor elevated privileges. It has a base severity score of 5.3 and an exploitability score of 3.9, reflecting that it can be exploited over a network. Businesses using affected WooCommerce versions should update to the latest version promptly to mitigate this risk. For further details on remediation and updates, refer to the references provided by Wordfence and the WooCommerce development team.
