cleantalk
Vulnerabilities and Security Researches

Custom WooCommerce Checkout Fields Editor, CVE-2024-1697

CVE, Research URL

CVE-2024-1697

Home page URL

Security reports for Custom WooCommerce Checkout Fields Editor

Application

Custom WooCommerce Checkout Fields Editor

Published on
Mar 23, 2024
Research Description
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.3.2.
Status
vulnerable
Previous vulnerability researches
Custom WooCommerce Checkout Fields Editor (CVE-2025-58799) , Sep 08, 2025
Custom WooCommerce Checkout Fields Editor (CVE-2024-33956) , Jun 06, 2024
Custom WooCommerce Checkout Fields Editor (b6cd50d916ad63760041bbce3847bd942de90fbc) , Jun 06, 2024
Custom WooCommerce Checkout Fields Editor (CVE-2024-1697) , Jun 06, 2024
Custom WooCommerce Checkout Fields Editor (CVE-2024-30518) , Jun 06, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026