WordPress Plugin Vulnerabilities

WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products

Description

The WooCommerce changelog file was updated with the following message:

"Security – Fixed unescaped meta data while duplicating products. Reported by Slavco."

We will update this issue with further information as it becomes available.

Affects Plugins

Plugin icon
woocommerce
Fixed in 4.1.0

References

URL
https://plugins.trac.wordpress.org/browser/woocommerce/tags/4.1.0/readme.txt?rev=2298743

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.8 (low)

Miscellaneous

Original Researcher
Slavco
Verified
No
WPVDB ID
e938f544-d043-4831-888f-52d94e7c6c3d

Timeline

Publicly Published
2020-05-12 (about 5 years ago)
Added
2020-05-12 (about 5 years ago)
Last Updated
2020-05-12 (about 5 years ago)

Other

Published
Title
Published
2021-10-11
Title
3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting
Published
2021-09-06
Title
My Chatbot <= 1.1 - Reflected Cross-Site Scripting (XSS)
Published
2022-08-30
Title
Simple File List < 4.4.12 - Reflected Cross-Site Scripting
Published
2024-03-15
Title
WP Calameo < 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-12-12
Title
WP Crowdfunding < 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting