CVE-2024-14015

State: PUBLISHED · Published: 2025-11-24 · Updated: 2026-04-02 · Assigner: WPScan

Description

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CWE

(none)

Affected

Unknown / WordPress eCommerce Plugin — v=0 ≤2.9.0 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/1a70927a-e345-4e2f-98da-1235f4482cc0/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2024/14xxx/CVE-2024-14015.json