This vulnerability (CVE-2024-29760) in Pluggabl LLC's Booster for WooCommerce plugin is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), which enables reflected cross-site scripting attacks. The flaw allows an attacker to inject malicious scripts via crafted input that is not properly sanitized before being included in web pages. The affected versions include all releases up to 7.1.7. The CVSS v3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No official fix or patch has been documented yet, and the plugin is not a cloud service, so remediation depends on vendor updates or user action.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser session when they visit a crafted URL or page. This can lead to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability of the affected system or user data. The CVSS score of 7.1 reflects these potential impacts. However, no known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is currently available, users should monitor for updates from Pluggabl LLC and apply patches promptly once released. Until then, consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts targeting the Booster for WooCommerce plugin. Avoid clicking on suspicious links and limit user interaction with untrusted inputs related to the plugin.