CVE-2021-25077: Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting
First published: Mon Feb 07 2022(Updated: )
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Visser Store Toolkit For Woocommerce | <2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25077?
CVE-2021-25077 refers to a vulnerability in the Store Toolkit for WooCommerce WordPress plugin before version 2.3.2 that allows for Reflected Cross-Site Scripting (XSS) attacks.
How severe is CVE-2021-25077?
CVE-2021-25077 has a severity rating of 6.1 (medium).
What is the affected software for CVE-2021-25077?
The affected software for CVE-2021-25077 is the Store Toolkit for WooCommerce WordPress plugin version up to and excluding 2.3.2.
How do I fix CVE-2021-25077?
To fix CVE-2021-25077, update your Store Toolkit for WooCommerce WordPress plugin to version 2.3.2 or newer.
What is the CWE ID for CVE-2021-25077?
The CWE ID for CVE-2021-25077 is 79, which corresponds to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/visser
- canonical/visser store toolkit for woocommerce