CVE-2024-29121

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 19, 2024

CWE ID 79

Summary

CVE-2024-29121 is a Cross-site Scripting (XSS) vulnerability affecting the Firassaidi WooCommerce License Manager. The flaw, which permits Reflected XSS, arises from improper neutralization of user input during web page generation. This issue poses a security risk as an attacker could inject malicious scripts into a web page viewed by other users, leading to potential data theft or site defacement. Affected versions of the plugin range from n/a to 5.3.1. Users are advised to install the latest patch to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u8wRdy
https://www.cve.org/CVERecord?id=CVE-2024-29121
https://nvd.nist.gov/vuln/detail/CVE-2024-29121

Back to Vulnerability Database

CVE-2024-29121

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations