First published: Mon Jan 10 2022
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pluginus Woocommerce Currency Switcher | <1.3.7.3 |
The vulnerability ID is CVE-2021-25043.
The affected software is the WOOCS WordPress plugin before version 1.3.7.3.
The severity of CVE-2021-25043 is medium (CVSS score: 6.1).
The CWE category for CVE-2021-25043 is CWE-79 (Cross-Site Scripting).
To fix CVE-2021-25043, update the WOOCS WordPress plugin to version 1.3.7.3 or later.