CVE-2024-1697
CVE-2024-1697 affects the Custom WooCommerce Checkout Fields Editor plugin for WordPress, up to version 1.3.1. Root cause: insufficient input sanitization and output escaping in save_wcfe_options, enabling Stored XSS. Impact: authenticated users with subscriber+ access can inject scripts that exe...