Unrated severityNVD Advisory· Published Oct 15, 2024· Updated Apr 8, 2026
WooCommerce <= 9.0.2 - Unauthenticated HTML Injection
CVE-2024-9944
Description
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=9.0.2
- Range: 0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.