CVE-2024-6288

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Related Vulnerabilities

CVE-2016-0623

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.

NVD-CWE-Other2016

CVE-2016-0642

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

NVD-CWE-Other2016

CVE-2016-0655

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors re...

NVD-CWE-Other2016

CVE-2016-0661

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.

NVD-CWE-Other2016

CVE-2016-0663

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.

NVD-CWE-Other2016

CVE-2016-0676

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.

NVD-CWE-Other2016