CVE-2024-24886

2024-02-0811:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-24886

cross-site scripting

acowebs product labels

woocommerce

sale badges

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.

Affected configurations

Vulners

NVD

Node

acowebsproduct_labels_for_woocommerce_\(sale_badges\)Range≤1.5.3

VendorProductVersionCPE
acowebsproduct_labels_for_woocommerce_\(sale_badges\)*cpe:2.3:a:acowebs:product_labels_for_woocommerce_\(sale_badges\):*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acowebs	product_labels_for_woocommerce_\(sale_badges\)	*	cpe:2.3:a:acowebs:product_labels_for_woocommerce_\(sale_badges\)::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "aco-product-labels-for-woocommerce",
    "product": "Product Labels For Woocommerce (Sale Badges)",
    "vendor": "Acowebs",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve