The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
With the PeachPay payment gateway enabled (can be enabled via the settings: http://example.com/wp-admin/admin.php?page=wc4jp-options&tab;=payment) Make a logged in admin open the following URL: https://example.com/wp-admin/admin.php?page=peachpay&tab;=field&">
CPE | Name | Operator | Version |
---|---|---|---|
woocommerce-for-japan | lt | 2.5.8 |