WordPress WooCommerce Shipping - DPD baltic plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

2022-11-1600:00:00

Lana Codes (Patchstack Alliance)

patchstack.com

wordpress

woocommerce

dpd baltic shipping

cross-site scripting

vulnerability

update

0.001 Low

EPSS

Percentile

23.5%

JSON

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress WooCommerce Shipping - DPD baltic plugin (versions <= 1.2.8).

Solution

           Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11).

CPENameOperatorVersion
dpd baltic shippingle1.2.8

CPE	Name	Operator	Version
	dpd baltic shipping	le	1.2.8

References

wpscan.com/vulnerability/5563c030-bd62-4839-98e8-84bc8191e242

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for PATCHSTACK:79E95816CFEF328AC7C22929D6AAB0B0