Lucene search

PatchstackCVELIST:CVE-2024-29112

HistoryMar 19, 2024 - 3:02 p.m.

CVE-2024-29112 WordPress WooCommerce Google Feed Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

2024-03-1915:02:28

CWE-79

Patchstack

www.cve.org

cve-2024-29112

woocommerce

google feed manager

xss

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-product-feed-manager",
    "product": "WooCommerce Google Feed Manager",
    "vendor": "WP Marketing Robot",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.2.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-product-feed-manager/wordpress-woocommerce-google-feed-manager-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve