CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

🗓️ 28 Jun 2024 06:57:47Reported by WordfenceType

CVE-2024-6288 Conversios.io vulnerability in WooCommerce plugi

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-6288	1 Jul 202518:08	–	circl
CNNVD	WordPress plugin Conversios cross-site scripting vulnerability	28 Jun 202400:00	–	cnnvd
CVE	CVE-2024-6288	28 Jun 202406:57	–	cve
EUVD	EUVD-2024-47406	3 Oct 202520:07	–	euvd
NVD	CVE-2024-6288	28 Jun 202407:15	–	nvd
Patchstack	WordPress Conversios.io Plugin <= 7.1.0 is vulnerable to Cross Site Scripting (XSS)	28 Jun 202400:00	–	patchstack
Patchstack	WordPress Conversios.io plugin <= 7.1.0 - Reflected Cross-Site Scripting vulnerability	28 Jun 202406:32	–	patchstack
Positive Technologies	PT-2024-37515 · Google +1 · Google Analytics 4 +1	28 Jun 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-6288	23 May 202507:59	–	redhatcve
Vulnrichment	CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting	28 Jun 202406:57	–	vulnrichment

[
  {
    "vendor": "tatvic",
    "product": "Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "7.1.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/tags/7.1.0/admin/partials/wizard-productfeed-even.php
plugins	www.plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/tags/7.1.0/admin/partials/wizard-productfeed-odd.php
plugins	www.plugins.trac.wordpress.org/changeset/3108037/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/f668c3cd-bf64-4e95-8d75-70e4f12cabce

08 Apr 2026 17:33Current

CVSS 3.14.7

EPSS0.02577

CWE-79