ByteOS Network

NVD Vulnerability Details :

CVE-2024-12395

Received

Source-security@wordfence.com

Published At-17 Dec, 2024 | 12:15

Updated At-17 Dec, 2024 | 12:15

The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security@wordfence.com

CWE ID: CWE-79

Type: Primary

Source: security@wordfence.com

References

Hyperlink	Source	Resource
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L117	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L127	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L138	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L149	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L173	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L200	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L28	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L31	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L38	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L47	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L53	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L59	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L66	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L76	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L90	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L96	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/changeset/3208205/	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/b09dc4dc-d2b9-452a-b005-b69feffdbecf?source=cve	security@wordfence.com	N/A