CVE-2024-6072

Name of the Vulnerable Software and Affected Versions: wp-cart-for-digital-products versions prior to 8.5.5

Description: The issue concerns the wp-cart-for-digital-products WordPress plugin, where it fails to escape the REQUEST URI parameter before outputting it back in an attribute. This could lead to Reflected Cross-Site Scripting in old web browsers.

Recommendations: For versions prior to 8.5.5, update to version 8.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until the update is applied.