First published: Mon Nov 27 2023(Updated: )
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Levantoan Woocommerce Vietnam Checkout Wordpress | <2.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Woocommerce Vietnam Checkout plugin is CVE-2023-5325.
The severity of CVE-2023-5325 is medium with a CVSS score of 6.1.
CVE-2023-5325 is an unauthenticated stored XSS vulnerability in the Woocommerce Vietnam Checkout WordPress plugin before version 2.0.6. It allows attackers to execute malicious scripts on a vulnerable website.
CVE-2023-5325 affects the Woocommerce Vietnam Checkout plugin by not escaping the custom shipping phone field on the checkout form, which can be exploited to conduct cross-site scripting (XSS) attacks.
To fix CVE-2023-5325, it is recommended to update the Woocommerce Vietnam Checkout plugin to version 2.0.6 or newer, which includes a patch for the vulnerability.