Vulnerabilities

CVE-2022-0397

by Fred · 28/03/2022

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action’s response (available to any authenticated user), leading to a Reflected Cross-Site Scripting

Date published : 2022-03-28

https://wpscan.com/vulnerability/c8091254-1ced-4363-ab7f-5b880447713d

Similar

Tags: Cybersecurity Alert