cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12438,https://securityvulnerability.io/vulnerability/CVE-2024-12438,Reflected Cross-Site Scripting Vulnerability in WooCommerce Digital Content Delivery Plugin,"The WooCommerce Digital Content Delivery (FlickRocket) plugin for WordPress suffers from a reflected cross-site scripting vulnerability. This issue arises from inadequate input sanitization and output escaping on the 'start_date' and 'end_date' parameters. An unauthenticated attacker can exploit this flaw to inject arbitrary web scripts into web pages viewed by users. If the victim is manipulated into engaging with a crafted link, the malicious script will execute in their browser context, potentially facilitating various attacks, including data theft and session hijacking.",Wordpress,WooCommerce Digital Content Delivery (incl. Drm) – Flickrocket,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,false,false,false,2025-01-07T05:23:56.544Z,0