2 matches found
CVE-2021-4372 WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import function. This makes it possible for unauthenticated attackers to...
CVE-2021-4372
The CVE-2021-4372 entry concerns the WordPress plugin “WooCommerce Dynamic Pricing and Discounts.” A Stored Cross-Site Scripting flaw exists in versions up to and including 2.4.1 due to missing sanitization on settings imported via the import() function. This allows unauthenticated attackers to s...