First published: Mon Dec 06 2021
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Woocommerce Woocommerce Currency Switcher | <1.3.7.1 | |
The vulnerability ID for the WOOCS WordPress plugin is CVE-2021-24938.
The severity of CVE-2021-24938 is medium with a CVSS score of 6.1.
The WOOCS WordPress plugin before version 1.3.7.1 is affected by CVE-2021-24938.
The CWE of CVE-2021-24938 is CWE-79.
To fix CVE-2021-24938, update the WOOCS WordPress plugin to version 1.3.7.1 or later.