CVE-2024-10837

Name of the Vulnerable Software and Affected Versions SysBasics Customize My Account for WooCommerce plugin for WordPress versions prior to 2.7.29

Description The vulnerability is a Reflected Cross-Site Scripting issue via the tab parameter, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

Recommendations Update to version 2.7.29 or later to secure your site. As a temporary workaround, consider restricting access to the tab parameter in the affected plugin until a patch is available.