How severe is CVE-2024-6480?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2024-6480?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2024-6480 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Related Vulnerabilities

CVE-2016-4507

MEDIUM

CVSS:6.4(Medium)

SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2018-6494

MEDIUM

CVSS:6.4(Medium)

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

CWE-892018

CVE-2019-12619

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. T...

CWE-892019

CVE-2020-13525

MEDIUM

CVSS:6.4(Medium)

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an S...

CWE-892020

CVE-2020-13526

MEDIUM

CVSS:6.4(Medium)

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pag...

CWE-892020

CVE-2020-27226

MEDIUM

CVSS:6.4(Medium)

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HT...

CWE-892020