2 matches found
CVE-2024-9944 WooCommerce <= 9.0.2 - Unauthenticated HTML Injection
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will...
WordPress WooCommerce Plugin <= 9.0.2 is vulnerable to Content Injection
Software WooCommerce Type Plugin Vulnerable versions = 9.0.2 Fixed in 9.1.0 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9944 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b045fb73bcc4 Credits drop Required privilege Unauthenticated Published ...