Vulnerabilities > CVE-2021-42367 - Missing Authorization vulnerability in Variation Swatches for Woocommerce Project Variation Swatches for Woocommerce

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE

Summary

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Variation_Swatches_For_Woocommerce_Project
63

Common Weakness Enumeration (CWE)