4 matches found
CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0234
CVE-2022-0234 affects the WordPress WOOCS – Currency Switcher for WooCommerce plugin up to version 1.3.7.5. The vulnerability arises because the plugin does not sanitize/escape the woocs_in_order_currency parameter in the AJAX action woocs_get_products_price_html, exposed to both unauthenticated ...
CVE-2022-0234 WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...