CVE-2023-5325: Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
First published: Mon Nov 27 2023(Updated: )
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Levantoan Woocommerce Vietnam Checkout Wordpress | <2.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Woocommerce Vietnam Checkout plugin?
The vulnerability ID for the Woocommerce Vietnam Checkout plugin is CVE-2023-5325.
What is the severity of CVE-2023-5325?
The severity of CVE-2023-5325 is medium with a CVSS score of 6.1.
What is the description of CVE-2023-5325?
CVE-2023-5325 is an unauthenticated stored XSS vulnerability in the Woocommerce Vietnam Checkout WordPress plugin before version 2.0.6. It allows attackers to execute malicious scripts on a vulnerable website.
How does CVE-2023-5325 affect the Woocommerce Vietnam Checkout plugin?
CVE-2023-5325 affects the Woocommerce Vietnam Checkout plugin by not escaping the custom shipping phone field on the checkout form, which can be exploited to conduct cross-site scripting (XSS) attacks.
What is the recommended action to fix CVE-2023-5325?
To fix CVE-2023-5325, it is recommended to update the Woocommerce Vietnam Checkout plugin to version 2.0.6 or newer, which includes a patch for the vulnerability.
- agent/type
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/levantoan
- canonical/levantoan woocommerce vietnam checkout wordpress