CVE-2024-9944
- Source
- https://cve.org/CVERecord?id=CVE-2024-9944
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9944.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-9944
- Published
- 2024-10-15T06:15:02.967Z
- Modified
- 2025-11-20T12:32:21.975041Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.
- References
-
- https://raw.githubusercontent.com/woocommerce/woocommerce/trunk/changelog.txt
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=cve
- https://github.com/woocommerce/woocommerce/pull/49370
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail=
Affected packages
Git / github.com/woocommerce/woocommerce
Affected ranges
- Type
- GIT
- Repo
- https://github.com/woocommerce/woocommerce
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0
1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.1.3
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.3
1.3.1
1.3.2
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.5
1.5.1
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.7.1
1.5.8
1.6-beta-1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.5.1
2.*
2.0-beta-0
2.0.0
2.0.0-RC1
2.0.0-RC2
2.0.0-RC3
2.0.0-beta1
2.0.0-beta2
2.0.0-beta3
2.0.1
2.0.10
2.0.11
2.0.12
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.0-RC1
2.1.0-RC2
2.1.0-beta-1
2.1.0-beta-2
2.1.0-beta-3
2.1.1
2.1.10
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2-beta-1
2.2-beta-2
2.2-beta-3
2.2.0
2.2.0-RC1
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.0-RC1
2.3.0-beta-1
2.3.0-beta-2
2.3.0-beta-3
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.4.0
2.4.0-RC1
2.4.0-beta-1
2.4.0-beta-2
2.4.0-beta-3
2.4.0-beta-4
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.5.0
2.5.0-RC1
2.5.0-RC2
2.5.0-RC3
2.5.0-beta-1
2.5.0-beta-2
2.5.0-beta-3
2.6.0
2.6.0-RC1
2.6.0-RC2
2.6.0-beta-1
2.6.0-beta-2
2.6.0-beta-3
2.6.0-beta-4
2.6.1
2.6.2
2.6.3
2.7.0-RC1
2.7.0-beta-1
2.7.0-beta-2
2.7.0-beta-3
2.7.0-beta-4
3.*
3.0.0
3.0.0-rc.1
3.0.0-rc.2
3.1.0-beta-1
3.1.0-beta.1
3.1.0-beta.2
3.1.0-rc.1
3.2.0-beta.1
3.2.0-beta.2
3.2.0-rc.1
3.3.0-beta.1
3.3.0-beta.2
3.3.0-rc.1
3.4.0-beta.1
3.4.0-beta.2
3.4.0-rc.1
3.4.0-rc.2
3.5.0-beta.1
3.6.0-beta.1
3.6.0-rc.1
3.7.0-beta.1
3.7.0-rc.1
9.*
9.1.0-beta.1
9.1.0-rc.1
@woocommerce/e2e-environment@0.*
@woocommerce/e2e-environment@0.1.1
@woocommerce/e2e-environment@0.1.2
@woocommerce/e2e-environment@0.1.5
Other
list
v1.*
v1.0
v1.0.1
v1.0.2
v1.0.3
v1.1
v1.1.1
v1.1.2
v1.1.3
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3
v1.3.1
v1.3.2
v1.4
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5
v1.5.1
v1.5.2
v1.5.2.1
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.7.1
v1.5.8
v1.6-beta-1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.5.1
v2.*
v2.0-beta-0
v2.0.0
v2.0.0-RC1
v2.0.0-RC2
v2.0.0-RC3
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.0-RC1
v2.1.0-RC2
v2.1.0-beta-1
v2.1.0-beta-2
v2.1.0-beta-3
v2.1.1
v2.1.10
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2-beta-1
v2.2-beta-2
v2.2-beta-3
v2.2.0-RC1
v2.2.1
v2.2.2
v2.2.3
wc-beta-tester-2.*
wc-beta-tester-2.2.0
wc-beta-tester-2.2.0.b
wc-beta-tester-2.2.1
wc-beta-tester-2.2.2
wc-beta-tester-2.2.3
wc-beta-tester-2.2.4
wc-beta-tester-2.2.5
wc-beta-tester-2.3.0
wc-beta-tester-2.3.1
woo-ai-0.*
woo-ai-0.1.0
woo-ai-0.2.0
woo-ai-0.4.0
woo-ai-0.5.0
woo-ai-0.6.0