WordPress Edit WooCommerce Templates Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47509

7.1HIGH

Key Information:

Vendor: WordPress
Status: Edit WooCommerce Templates
Vendor: CVE Published:; 16 November 2023

Summary

An unauthenticated reflected Cross-Site Scripting (XSS) vulnerability was discovered in the ioannup Edit WooCommerce Templates plugin, impacting versions up to and including 1.1.1. This vulnerability allows attackers to inject malicious scripts into web pages viewed by administrators and users, potentially leading to session hijacking or other malicious actions. It is crucial for website owners using this plugin to apply the necessary updates to mitigate the risk effectively.

Affected Version(s)

Edit WooCommerce Templates <= 1.1.1

References

https://patchstack.com/database/vulnerability/woo-edit-te...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Nov 6, 2023

Credit

LEE SE HYOUNG (Patchstack Alliance)