CVE-2024-6133

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Aug 13, 2024

Summary

CVE-2024-6133 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the wp-cart-for-digital-products WordPress plugin before version 8.5.6. This issue results from the plugin's failure to sanitize and escape a user-supplied input, allowing an attacker to inject malicious scripts into pages viewed by high-privilege users, including admins. Successful exploitation of this vulnerability could result in unauthorized access to sensitive information or even complete site takeover. Users are strongly advised to update their plugins to the latest version to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/widdnl
https://www.cve.org/CVERecord?id=CVE-2024-6133
https://nvd.nist.gov/vuln/detail/CVE-2024-6133

Back to Vulnerability Database

CVE-2024-6133

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations