WordPress Woocommerce Custom Checkout Fields Editor With Drag & Drop Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-46864
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 May 2023
What is CVE-2022-46864?
A reflected cross-site scripting (XSS) vulnerability exists in the WooCommerce Custom Checkout Fields Editor With Drag & Drop plugin, exposing users to potential security risks. This flaw allows attackers to inject malicious scripts through unauthenticated input, potentially compromising user data and functionality. The vulnerability affects versions up to 0.1, necessitating prompt updates to safeguard against potential exploitation.
Affected Version(s)
Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1