CVE-2024-6072 | WP-FeedStats wp-cart-for-digital-products Plugin up to 8.5.4 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

Inserito da Angelo Barbosa | Lug 15, 2024 | CVE

A vulnerability was found in WP-FeedStats wp-cart-for-digital-products Plugin up to 8.5.4 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Attribute Handler. The manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to cross site scripting.

This vulnerability is traded as CVE-2024-6072. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-6072 | WP-FeedStats wp-cart-for-digital-products Plugin up to 8.5.4 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

Post correlati

CVE-2023-52714 | Huawei HarmonyOS/EMUI hwnff Module information disclosure

CVE-2024-28675 | DedeCMS 5.7 /dede/diy_edit.php cross-site request forgery

CVE-2024-6925 | TrueBooker Plugin up to 1.0.2 on WordPress Setting cross-site request forgery

CVE-2024-3740 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/reload exec nginxExe deserialization