CVE-2024-9944

Name of the Vulnerable Software and Affected Versions WooCommerce plugin for WordPress versions up to, and including, 9.0.2

Description The issue arises from the plugin not properly neutralizing HTML elements from submitted order forms, making it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.

Recommendations For versions up to, and including, 9.0.2, update to a version higher than 9.0.2 to resolve the issue. As a temporary workaround, consider restricting access to order form submissions to minimize the risk of exploitation.