CVE-2024-37202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37202
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS).This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve
Configurations

No configuration.

History

21 Nov 2024, 09:23

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de autorización faltante en BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) para WooCommerce de Binary Carpenter permite cross-site scripting (XSS). Este problema afecta a Ultimate Custom Add To Cart Button (Ajax) para WooCommerce de Binary Carpenter: de n/a hasta 1.222.16.
References () https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve -

12 Jul 2024, 16:34

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-12 14:15

Updated : 2024-11-21 09:23

NVD link : CVE-2024-37202

Mitre link : CVE-2024-37202

CVE.ORG link : CVE-2024-37202

JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization