First published: Fri May 20 2022(Updated: )
Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wpwham Checkout Files Upload For Woocommerce | <=2.1.2 |
Update to 2.1.3 or higher version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-29425 is medium.
The affected software of CVE-2022-29425 is WP Wham's Checkout Files Upload for WooCommerce plugin version 2.1.2 and below.
To fix the XSS vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin, it is recommended to update to version 2.1.3 or later.
The Common Weakness Enumeration (CWE) for CVE-2022-29425 is CWE-79 (Cross-Site Scripting).
More information about CVE-2022-29425 can be found at the following references: [Reference 1](https://patchstack.com/database/vulnerability/checkout-files-upload-woocommerce/wordpress-checkout-files-upload-for-woocommerce-plugin-2-1-2-cross-site-scripting-xss-vulnerability) and [Reference 2](https://wordpress.org/plugins/checkout-files-upload-woocommerce/#developers).