CVE-2022-2575 – The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise …

16 September 2022

Vuln ID: CVE-2022-2575

Published: 2022-09-16 09:15:10Z

Description: The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Source: NVD.NIST.GOV

Date:

16 September 2022

Categorie(s):

NVD

Tag(s):

NVD

6 Surprising Ways Hackers Can Exploit Your Smart Home Devices19 April 2024
Protobom: Open-source software supply chain tool19 April 2024
The key pillars of domain security19 April 2024
Fraudsters abused Apple Stores’ third-party pickup policy to phish for profits19 April 2024
51% of enterprises experienced a breach despite large security stacks19 April 2024