3 matches found
CVE-2024-1697
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the savewcfeoptions function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...
CVE-2024-1697
CVE-2024-1697 affects the Custom WooCommerce Checkout Fields Editor plugin for WordPress, up to version 1.3.1. Root cause: insufficient input sanitization and output escaping in save_wcfe_options, enabling Stored XSS. Impact: authenticated users with subscriber+ access can inject scripts that exe...