CVE-2024-9895
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9895 is a stored cross-site scripting vulnerability in the Smart Online Order for Clover plugin for WordPress, affecting all versions up to and including 1.5.7. It arises from inadequate input sanitization and output escaping in the plugin's moo_receipt_link shortcode, which allows authenticated attackers with contributor-level access to inject arbitrary web scripts that execute when a user accesses an affected page. The impact on integrity and confidentiality is low; the flaw is exploitable over the network and requires no user interaction. To remediate the issue, update the plugin to the latest version that addresses this vulnerability. Organizations using this plugin should prioritize this update to mitigate the risks associated with stored cross-site scripting attacks.
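An added example, not part of the original advisory or the plugin's code: a Python audit that scans post content for moo_receipt_link shortcodes whose attribute values carry script-injection markers, for reviewing contributor-authored posts alongside the update. It assumes the injected input arrives as shortcode attributes; the attribute names, post IDs and sample posts are constructed.

```python
import html
import re

SHORTCODE = "moo_receipt_link"  # shortcode named in the advisory

# [moo_receipt_link ...]; the lookahead rejects longer names sharing the prefix.
TAG_RE = re.compile(r"\[" + SHORTCODE + r"(?![\w-])([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=bare_value
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")

# Heuristic markers (an assumption of this example, not an exhaustive XSS filter).
RULES = [
    ("markup characters", re.compile(r"[<>]")),
    ("event-handler attribute", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("script-capable URL scheme",
     re.compile(r"^\s*(?:javascript|data|vbscript)\s*:", re.IGNORECASE)),
]


def audit_post(content):
    """Return (attribute, raw_value, reason) for each suspect shortcode attribute."""
    findings = []
    for tag in TAG_RE.finditer(content):
        for attr in ATTR_RE.finditer(tag.group(1)):
            raw = next(g for g in attr.groups()[1:] if g is not None)
            decoded = html.unescape(raw)  # entities may hide markup from a naive grep
            for reason, rule in RULES:
                if rule.search(decoded):
                    findings.append((attr.group(1), raw, reason))
                    break
    return findings


def audit_posts(posts):
    """Map post ID -> findings, keeping only posts that need review."""
    results = {pid: audit_post(body) for pid, body in posts.items()}
    return {pid: found for pid, found in results.items() if found}


# Constructed sample data standing in for wp_posts.post_content rows.
POSTS = {
    101: 'Thanks for ordering! [moo_receipt_link text="View receipt"]',
    102: "[moo_receipt_link text='Receipt\" onmouseover=\"PLACEHOLDER']",
    103: '[moo_receipt_link text="&lt;PLACEHOLDER&gt;"]',
    104: "No shortcode here, just <b>bold</b> text.",
}

if __name__ == "__main__":
    for pid, found in audit_posts(POSTS).items():
        for name, raw, reason in found:
            print(f"post {pid}: {name}={raw!r} -> {reason}")
```

A finding is a prompt for manual review of that post and its author, not proof of exploitation; benign values can trip these heuristics.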