CVE-2024-9205

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9205 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Maximum Products per User plugin for WooCommerce on WordPress, caused by inadequate input escaping in URLs in all versions up to 4.2.8. The flaw allows unauthenticated attackers to inject malicious scripts into web pages, potentially compromising users who are tricked into clicking on affected links. The security risk is rated as medium, with a CVSS base score of 6.1, reflecting low integrity and confidentiality impacts and the need for user interaction for exploitation. To mitigate this vulnerability, users should upgrade the plugin to version 4.2.9 or later, which contains the necessary patches. Organizations using this plugin should be aware of the potential for XSS attacks that could lead to unauthorized actions on their websites.
