WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability

2022-05-0400:00:00

Lucio Sá (Patchstack Alliance)

patchstack.com

wordpress

woocommerce

cross-site scripting

xss

lucio sá

patchstack alliance

update

EPSS

0.001

Percentile

33.5%

JSON

Cross-Site Scripting (XSS) vulnerability was discovered by Lucio Sá (Patchstack Alliance) in WordPress Checkout Files Upload for WooCommerce plugin (versions <= 2.1.2).

Solution

           Update the WordPress Checkout Files Upload for WooCommerce plugin to the latest available version (at least 2.1.3).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29425

wordpress.org/plugins/checkout-files-upload-woocommerce/#developers

EPSS

0.001

Percentile

33.5%

JSON

Related for PATCHSTACK:5B440C5497A2D4EC9013E058F7E37EA6