3 matches found
CVE-2021-24938
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...
CVE-2021-24938 WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...
CVE-2021-24938
The CVE-2021-24938 vulnerability affects the WordPress WOOCS (WooCommerce Currency Switcher) plugin prior to 1.3.7.1. The issue arises because the plugin does not sanitise or escape the key parameter of the woocs_update_profiles_data AJAX action (accessible to authenticated users) before echoing ...