CVE-2024-9178
Published
CVSS v3: 6.4 MEDIUM
CVSS v2: N/A
Affected: 1 PROJECT
Description
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
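A defender-side triage check for the issue described above, added here as an example (not code from the plugin or the advisory): it flags uploaded SVG files that carry script-capable markup. The function names, the tag denylist and the sample SVG strings are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed denylist of elements that can run or embed active content in an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
SCRIPT_URL = ("javascript:", "data:text/html")

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(svg_text):
    """Return reasons this SVG could run script when a browser opens it directly."""
    # Refuse DTDs before parsing: ElementTree would expand declared entities.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.I):
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            url = re.sub(r"[\x00-\x20]+", "", value).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in ("href", "src") and url.startswith(SCRIPT_URL):
                findings.append(f"script URL in {attr} on <{tag}>")
    return findings

def scan_tree(root_dir):
    """Map each flagged .svg file under root_dir to its findings."""
    hits = {}
    for path in Path(root_dir).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".svg":
            found = svg_findings(path.read_text(encoding="utf-8-sig", errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed samples; the script bodies are inert placeholders.
NS = 'xmlns="http://www.w3.org/2000/svg"'
CLEAN = f'<svg {NS}><circle r="4"/></svg>'
WITH_SCRIPT = f"<svg {NS}><script>/* placeholder */</script></svg>"
WITH_HANDLER = f'<svg {NS} onload="/* placeholder */"><rect/></svg>'
```

Pointing `scan_tree` at the site's uploads directory lists files to review. Because this is a denylist, an empty result does not prove a file is safe; sanitizing or rejecting SVG at upload time remains the fix.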
<p>A modern Floating Cart / Side Cart for WooCommerce that will improve customer buying experience and increase conversions.</p>
<p><strong>What Would More Sales and Higher Conversions be Worth to You?</strong></p>
<p>Have you ever found yourself in a situation where site visitors add products to their cart, but then leave your store without finalizing their purchase?</p>
<p>I present to you Floating Cart for WooCommerce, the perfect solution that will improve customer buying experience and encourage them to click the “checkout” button.</p>
<p><a href="https://demos.xplodedthemes.com/woo-floating-cart/" rel="nofollow ugc">👉 <strong>Official Demo</strong></a></p>
<p>Your site will look more attractive, a cart icon with item count will always be visible on all pages, and a sliding cart will be visible when the customer clicks it.</p>
<p><strong>Demo</strong></p>
<p><a href="https://demos.xplodedthemes.com/woo-floating-cart/" rel="nofollow ugc">https://demos.xplodedthemes.com/woo-floating-cart/</a></p>
<p><strong>Free Version</strong></p>
<ul>
<li>Unobtrusive Floating Cart</li>
<li>Fast add to cart</li>
<li>Update quantities</li>
<li>Remove product from cart</li>
<li>Undo product removal</li>
<li>Show max quantity reached msg</li>
<li>Change Cart / Counter Position</li>
<li>Responsive / Mobile Support</li>
</ul>
<p><strong>Premium Features</strong></p>
<p>Fully customizable right from WordPress Customizer with Live Preview.</p>
<ul>
<li>All Free Features</li>
<li>Live Preview Customizer</li>
<li>Enable Fly To Cart animation</li>
<li>Enable Coupons</li>
<li>Enable Cart Totals</li>
<li>Enable Total Savings</li>
<li>Enable Express Checkout Form</li>
<li>Enable Cart Menu Item</li>
<li>Enable Auto Height</li>
<li>Enable Suggested Products (Related / Cross-Sell / Upsell)</li>
<li>Enable Free Shipping Bar</li>
<li>Select Between Morph Slide Animation</li>
<li>Support variations, bundles & composites</li>
<li>Clear / Restore entire cart in 1 click.</li>
<li>Display product attributes within the cart</li>
<li>Change Cart Width / Height</li>
<li>Apply Google Fonts</li>
<li>Custom Colors / Backgrounds</li>
<li>Custom Icons (SVG / Image / Font Icons)</li>
<li>Select from 11 loading spinner animations</li>
<li>Exclude pages from displaying the cart</li>
<li>Device Visibility options</li>
<li>Ajax add to cart on Single Product pages</li>
<li>Ajax add to cart within Quick View Modals</li>
<li>Select between Checkout Or View Cart button</li>
<li>Option to trigger the cart on Mouse Over</li>
<li>Display Subtotal or Total</li>
<li>RTL Support</li>
<li>Automated Updates & Security Patches</li>
<li>Priority Email & Help Center Support</li>
</ul>
<p><strong>Compatible With <a href="https://xplodedthemes.com/products/woo-quick-view/" rel="nofollow ugc">XT Quick View</a></strong><br />
<strong>Compatible With <a href="https://xplodedthemes.com/products/woo-variation-swatches/" rel="nofollow ugc">XT Variation Swatches</a></strong><br />
<strong>Compatible With <a href="https://xplodedthemes.com/products/woo-variations-as-singles/" rel="nofollow ugc">Woo Variations As Singles</a></strong></p>
<p><strong>Translations</strong></p>
<ul>
<li>English – default</li>
</ul>
<p><em>Note:</em> All our plugins are localized / translatable by default. This is very important for all users worldwide. So please contribute your language to the plugin to make it even more useful.</p>