CVE-2024-43304

Name of the Vulnerable Software and Affected Versions Cryptocurrency Widgets – Price Ticker & Coins List versions prior to 2.8.1

Description The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This can be exploited by attackers to inject malicious scripts into the website. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.8.1, update to version 2.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugin until a patch is applied. Avoid using the plugin until the issue is resolved.