cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10168,https://securityvulnerability.io/vulnerability/CVE-2024-10168,Stored Cross-Site Scripting Vulnerability in WooCommerce Plugin,"The Active Products Tables for WooCommerce plugin, integral to WordPress installations, has a flaw that allows authenticated users with contributor-level permissions or higher to perform stored cross-site scripting (XSS) attacks. This vulnerability stems from insufficient sanitization and escaping processes for user-supplied attributes within the plugin's woot_button shortcode. Attackers can inject arbitrary web scripts into the pages, leading to potential data leakage or unauthorized actions when subsequent users access those compromised pages. This incident emphasizes the critical importance of robust input validation and output escaping in web applications to safeguard against XSS vulnerabilities.",Wordpress,Woot,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-06T12:15:00.000Z,0