CVE-2023-47512

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 16, 2023

Updated: Nov 21, 2023

CWE ID 79

Summary

CVE-2023-47512 is a newly discovered Reflected Cross-Site Scripting (XSS) vulnerability affecting the Gravity Master Product Enquiry plugin for WooCommerce. Versions prior to 3.1 are susceptible to this issue. An attacker can exploit this weakness by injection of malicious scripts into a vulnerable webpage, leading to potential data theft or unauthorized actions by an attacker. This could result in serious consequences, including account takeover or financial loss for unsuspecting users. To mitigate the risk, it is recommended that users upgrade to the latest version of the plugin as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tSul55
https://www.cve.org/CVERecord?id=CVE-2023-47512
https://nvd.nist.gov/vuln/detail/CVE-2023-47512

Back to Vulnerability Database

CVE-2023-47512

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations