CVE-2024-8871

Name of the Vulnerable Software and Affected Versions: Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress versions up to, and including, 3.2.5

Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute when a user performs a specific action, such as clicking on a link.

Recommendations: For versions up to, and including, 3.2.5, update to a version that fixes the issue with add query arg to prevent Reflected Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.