CVE-2021-24938
N/A
N/A
Summary
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currency | 1.3.7.1 < 1.3.7.1 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.