Lucene search
WPScanVULNRICHMENT:CVE-2024-6072HistoryJul 15, 2024 - 6:00 a.m.
CVE-2024-6072 WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']
2024-07-1506:00:04
WPScan
github.com
3
cve
2024
6072
wp estore
reflected xss
$_server['request_uri']
wordpress plugin
version 8.5.5
cross-site scripting
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
17.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:wordpress_plugin:wp-cart-for-digital-products:*:*:*:*:*:*:*:*"
],
"vendor": "wordpress_plugin",
"product": "wp-cart-for-digital-products",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "8.5.5",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-6072
2024-07-15 06:15:02
nvd
nvd
CVE-2024-6072
2024-07-15 06:15:02
cvelist
cvelist
CVE-2024-6072 WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']
2024-07-15 06:00:04
wordfence
wordfence
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
17.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-6072