Vulnerabilities and security researches forproduct-variation-swatches-for-woocommerce product-variation-swatches-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2021-42367
Home page URL: Security reports for Variation Swatches for WooCommerce
Application: Variation Swatches for WooCommerce
Date: Dec 14, 2021
Research Description: The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.
Affected versions: max 2.1.2.
Status: vulnerable