CVE-2024-35777Injection in Woocommerce

CWE-74Injection3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 49.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Woocommerce
Timeline
PublishedJul 9

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:LExploitability: 0.9 | Impact: 2.5

Affected Packages1 packages

CVEListV5automattic/woocommercen/a8.9.2

🔴Vulnerability Details

2
GHSA
GHSA-q4p7-mhc4-r922: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Cont2024-07-09
CVEList
WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability2024-07-09
CVE-2024-35777 — Injection in Automattic Woocommerce | cvebase