CVE-2024-8629
WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site ScriptingThe WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
We have discovered 21,744 live websites that are affected by CVE-2024-8629.
Affected Software
| Product |  WooCommerce Multilingual |
| Category | Wordpress Plugins |
| Vulnerable Domains | 21,744 live websites (48.22% of WooCommerce Multilingual install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 149 versions ( 94.30% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 8, 2024
- Updated - Oct 8, 2024
Credits
- Dale Mavers (finder)
CWE
CVE References
CWE References
CVE-2024-8629 usage by Country
 United States | 4,199 websites |
 Germany | 2,889 websites |
 France | 2,003 websites |
 Italy | 1,574 websites |
 Spain | 1,174 websites |
 Poland | 651 websites |
 Switzerland | 636 websites |
 Greece | 633 websites |
 Netherlands | 631 websites |
 Estonia | 459 websites |
CVE-2024-8629 usage by TLD
| .com | 9,795 websites |
| .it | 1,262 websites |
| .de | 635 websites |
| .eu | 567 websites |
| .ch | 452 websites |
| .es | 421 websites |
| .nl | 391 websites |
| .pl | 381 websites |
| .fr | 341 websites |
| .ca | 338 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8629
Top websites that are affected by CVE-2024-8629. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.me | United States | *,*** | |
| ***********.com | United States | **,*** | |
| ***************.com | United States | **,*** | |
| *******************.es | Spain | **,*** | |
| *************.ca |  Canada | **,*** | |
| *********.com |  Israel | **,*** | |
| **********.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ********.com | United States | ***,*** | |
| ************.dk |  Denmark | ***,*** |
FAQ
CVE-2024-8629 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WooCommerce Multilingual
A total of 21,744 websites have been identified as vulnerable to CVE-2024-8629, discovered through global website indexing conducted by WebTechSurvey.
WooCommerce Multilingual is susceptible to CVE-2024-8629 vulnerability.
WooCommerce Multilingual versions before, and including, 5.3.7 are vulnerable to CVE-2024-8629.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/494dc869-6f4d-428b-99a8-87212f3007be?source=cve
- https://plugins.trac.wordpress.org/browser/woocommerce-multilingual/tags/5.3.7/inc/class-wcml-comments.php#L257
- https://plugins.trac.wordpress.org/changeset/3164233/woocommerce-multilingual/trunk/inc/class-wcml-comments.php