CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1.
Explanation of Vulnerability in Simple Terms
A cross-site scripting (XSS) vulnerability in Email Attachment by Order Status & Products versions 1.0.1 and earlier allows an attacker to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction—typically clicking a malicious link—and can affect other users or administrators viewing the same page. This could lead to session hijacking, credential theft, or unauthorized actions on the site.
What an attacker can do
Inject and execute malicious JavaScript in users' browsers to steal session tokens, credentials, or perform actions on their behalf.
Potential impact on your site
Users and admins could have sessions hijacked, credentials stolen, or be tricked into performing unwanted actions within the plugin.
Conditions required to exploit
No authentication required. Victim must click a malicious link or visit an attacker-controlled page that triggers the vulnerability.
Key dates
External resources
Related vulnerabilities
