cleantalk
Vulnerabilities and Security Researches

WooCommerce, bb053f3c24afaa2cf4bc50ebf0e88d8b6f601d08

Application

WooCommerce

Published on
Jan 12, 2024
Research Description
WooCommerce [woocommerce] < 8.4.0 - Reflected Cross-Site Scripting

The WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions before 8.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

IMPORTANT: There was a miscommunication and error in this vulnerability record where we initially reported version 8.5.0 as patched, while 8.4.0 was still vulnerable. This issue was patched in version 8.4.0 and only affects versions up to 8.3.0. Please rest assured knowing you can update the plugin to version 8.4.0 and this issue will be patched.
Affected versions
max 8.4.0.
Status
vulnerable