CVE-2024-14015

Name of the Vulnerable Software and Affected Versions WordPress eCommerce Plugin versions through 2.9.0

Description The WordPress eCommerce Plugin does not properly sanitize and escape a parameter before displaying it on a page. This can lead to a Reflected Cross-Site Scripting (XSS) issue, potentially affecting users with high privileges, such as administrators. The issue involves improper handling of user-supplied input, allowing malicious scripts to be injected into the web page. The vulnerable parameter is not explicitly identified.

Recommendations Update WordPress eCommerce Plugin to a version later than 2.9.0.