Vulnerabilities > CVE-2022-0234 - Unspecified vulnerability in Pluginus Woocs
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |