CVE-2024-13885

Name of the Vulnerable Software and Affected Versions WP e-Customers Beta WordPress plugin version 0.0.1

Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the WP e-Customers Beta WordPress plugin does not properly sanitise and escape a parameter before outputting it back in the page. This could be exploited against high privilege users, such as the admin.

Recommendations For version 0.0.1, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of Reflected Cross-Site Scripting attacks. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.