← Back

Woocommerce Currency Switcher

woocommerce_currency_switcher

Vendor: Woocommerce • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24938
1Woocommerce
1Woocommerce Currency Switcher
Nov 21, 2024
Dec 6, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, lead...Show more
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issueShow less