CVE-2021-24999: Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module
First published: Mon Jan 03 2022(Updated: )
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Booster for WooCommerce | <5.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24999?
CVE-2021-24999 is a vulnerability in the Booster for WooCommerce WordPress plugin before version 5.4.9 that allows for Reflected Cross-Site Scripting (XSS) attacks.
How does CVE-2021-24999 impact my website?
CVE-2021-24999 can allow an attacker to execute malicious scripts on the admin dashboard of your website, potentially leading to unauthorized access or other security risks.
What is the severity of CVE-2021-24999?
The severity of CVE-2021-24999 is medium with a score of 6.1.
How do I fix CVE-2021-24999?
To fix CVE-2021-24999, you should update the Booster for WooCommerce plugin to version 5.4.9 or higher, which includes the necessary fixes for this vulnerability.
Is there any additional information about CVE-2021-24999?
Yes, you can find more information about CVE-2021-24999 on the WPScan vulnerability page: [link here](https://wpscan.com/vulnerability/8527f4fe-312f-45c1-ae4c-7e799702fc26).
- agent/type
- agent/severity
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/booster
- canonical/booster for woocommerce