Description

The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

INFO

Published Date: 2024-12-17T11:10:18.505Z

Last Modified: 2026-04-08T17:15:58.004Z

Source: Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12395 vulnerability.

No data.

REFERENCES

External references providing further detail on CVE-2024-12395 (vendor source lines, the fixing changeset, and the Wordfence advisory):

URL Resource
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L117
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L127
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L138
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L149
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L173
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L200
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L28
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L31
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L38
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L47
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L53
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L59
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L66
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L76
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L90
https://plugins.trac.wordpress.org/browser/woo-additional-fees-on-checkout-wordpress/trunk/classes/wps-ext-cst-admin.php#L96
https://plugins.trac.wordpress.org/changeset/3208205/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b09dc4dc-d2b9-452a-b005-b69feffdbecf?source=cve

CVSS Vulnerability Scoring System

CVSS vector components (the per-component values shown in the original chart are not present in this record): Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.