Vulnerabilities

CVE-2022-0234

by Fred · 21/02/2022

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting

Date published : 2022-02-21

https://plugins.trac.wordpress.org/changeset/2659191

https://wpscan.com/vulnerability/fd568a1f-bd51-41bb-960d-f8573b84527b

Similar

Tags: Cybersecurity Alert