The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin’s discount rule page, leading to Reflected Cross-Site Scripting
CPE | Name | Operator | Version |
---|---|---|---|
discount_rules_for_woocommerce | lt | 2.4.2 |