Lucene search
PatchstackCVE-2024-37515HistoryJul 21, 2024 - 8:15 a.m.
CVE-2024-37515
2024-07-2108:15:04
CWE-79
Patchstack
web.nvd.nist.gov
25
optemiz
xplainer
woocommerce
product faq
input neutralization
xss
cross-site scripting
cve-2024-37515
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
9.3%
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.
Affected configurations
Node
optemizxplainer_–_woocommerce_product_faq_\[woocommerce_accordion_faq_plugin\]Range≤1.6.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| optemiz | xplainer_–_woocommerce_product_faq_\[woocommerce_accordion_faq_plugin\] | * | cpe:2.3:a:optemiz:xplainer_–_woocommerce_product_faq_\[woocommerce_accordion_faq_plugin\]:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "faq-for-woocommerce",
"product": "XPlainer - WooCommerce Product FAQ",
"vendor": "Optemiz",
"versions": [
{
"changes": [
{
"at": "1.6.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-37515
2024-07-21 08:15:04
wordfence
wordfence
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
9.3%
Related for CVE-2024-37515