← Back

Woocs

woocs

Vendor: Pluginus • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0234
1Pluginus
1Woocs
Nov 21, 2024
Feb 21, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) be...Show more
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site ScriptingShow less