CVE-2023-44144

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 2, 2023
Updated: Oct 4, 2023
CWE ID 79

Summary

CVE-2023-44144 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 3.2.7 and below of the Dreamfox Payment gateway plugin for WooCommerce. An attacker can inject malicious scripts into a website using this flaw, potentially stealing user data or taking control of user sessions. Successful exploitation does not require any user authentication, increasing the risk to unsuspecting website visitors. Users are advised to upgrade to the latest version of the plugin to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share