Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
CVE-2023-5325

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Woocommerce Vietnam Checkout
Vendor
CVE Published:
27 November 2023

What is CVE-2023-5325?

The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS

Affected Version(s)

Woocommerce Vietnam Checkout 0 < 2.0.6

References

https://wpscan.com/vulnerability/e93841ef-e113-41d3-9fa1-...
exploitvdb-entrytechnical-description

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dc11
WPScan
.