CVERadar

CVE-2024-12321

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00045/1

CVE-2024-12321: A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WC Affiliate WordPress plugin, versions up to 2.3.9. The vulnerability stems from insufficient sanitization and escaping of a parameter before it is output back into the page. An attacker could exploit it to execute malicious scripts in the context of a user's browser, potentially targeting high-privilege users such as administrators. With an SVRS of 30, the risk is moderate, indicating a potential but not immediate threat. Successful exploitation could lead to account compromise or other unauthorized actions. While the CVSS score is 0, the SVRS provides a more nuanced view of the risk, incorporating real-world threat intelligence. This highlights the importance of promptly updating the WC Affiliate plugin to mitigate the risk.

Exploit
Vdb-entry
Technical-description
In The Wild
2025-01-27

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-12321 | WC Affiliate Plugin up to 2.3.9 on WordPress cross site scripting
vuldb.com, 2025-01-27
A vulnerability classified as problematic has been found in WC Affiliate Plugin up to 2.3.9 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12321. It is possible to launch the attack remotely. There is no exploit available.

Social Media

CVE-2024-12321 (CVSS:7.1, HIGH) is Awaiting Analysis. The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in t.. https://t.co/UKQMlEChg2 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
CVE-2024-12321 01/27/2025 06:15:22 AM The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scrip... https://t.co/rf7XUduUNC
CVE-2024-12321 The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scr… https://t.co/TzGEGTTOTS

Affected Software

No affected software found for this CVE

References

Reference    Link
[email protected]    https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/
134C704F-9B21-4F2E-91B3-4A467353BCC0    https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/
[email protected]    https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/
GITHUB    https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/

CWE Details

No CWE details found for this CVE
