CVE-2024-6134

Aug. 12, 2024, 1:41 p.m.

Tags

contact@wpscan.com
2024-08-12
CVE-2024-6134

Product(s) Impacted

wp-cart-for-digital-products WordPress plugin

  • before 8.5.6

Description

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Weaknesses

Date

Published: Aug. 12, 2024, 1:38 p.m.

Last Modified: Aug. 12, 2024, 1:41 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

contact@wpscan.com

References

https://wpscan.com/vulnerability/34d61f7e-90eb-4a64-a8a7-18f2d6518118/
contact@wpscan.com