Vulnerability Analysis
SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter
CVE-2024-10837
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
No Active Exploit Signals
CVSS Base Score
6.1
MEDIUM
Exploitability:2.9
Impact Score:2.8
Temporal Score:-
EPSS:0.37%
Threat Intelligence Signals
CISA KEV
No
KEV Date Added
—
Ransomware Use
—
KEV Due Date
—
VulnCheck In-the-Wild
No
Nuclei Template
No
EPSS Score
0.368%
EPSS Percentile
28.5th pct
GHSA ID
GitHub Severity
MODERATE
SSVC Exploitation
—
SSVC Automatable
—
Vulnerability Class
—
Identity & Timeline
| Status | - |
| Assigning Authority | - |
| CVSS Version / Source | - |
| Reserved | - |
| Published | - |
| Patch Date (date_public) | - |
| Exploit DB Date | - |
| First GitHub PoC Date | - |
| Last Updated | - |
| Time to Patch (Days to fix) | - |
| Exploit Release Gap | - |
| PoC Release Gap | - |
| Exploit DB References | None identified |
Affected Products & Versions
| Vendor | Product | Affected Versions |
|---|---|---|
| No affected products specified. | ||
Social Buzz