WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress plugin Discount Rules for WooCommerce prior to 2.4.2, which stems from the fact that the plugin’s discount rules fail to escape parameters before exporting them back to the properties of the plugin’s discount rules page. The vulnerability is caused by the plugin’s discount rules failing to escape parameters before exporting them back to the properties of the plugin’s discount rules page, which can be exploited by attackers to perform cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress discount rules for woocommerce | lt | 2.4.2 |