First published: Thu Nov 30 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Woocommerce | <=8.1.1 | |
Automattic Woocommerce Blocks | <=11.1.1 |
Update WooCommerce to 8.2.0 or a higher version.
Update WooCommerce Blocks to 11.1.2 or a higher version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-47777.
The title of the vulnerability is WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability.
The severity of CVE-2023-47777 is medium.
The software affected by CVE-2023-47777 are Automattic WooCommerce (up to version 8.1.1) and Automattic WooCommerce Blocks (up to version 11.1.1).
CVE-2023-47777 can be exploited through stored Cross-Site Scripting (XSS) attacks.