Product Addons & Fields for WooCommerce, CVE-2021-25018
- CVE, Research URL
- Application
- Published on
- Feb 14, 2022
- Research Description
- The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated user to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues.
- Affected versions
- max 24.0.
- Status
- vulnerable