The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2634227%40variation-swatches-for-woocommerce&new=2634227%40variation-swatches-for-woocommerce&sfp_email=&sfph_mail= - Patch, Third Party Advisory | |
References | () https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42367 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 6.4 |
17 Dec 2021, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42367 - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2634227%40variation-swatches-for-woocommerce&new=2634227%40variation-swatches-for-woocommerce&sfp_email=&sfph_mail= - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:variation_swatches_for_woocommerce_project:variation_swatches_for_woocommerce:*:*:*:*:*:wordpress:*:* |
14 Dec 2021, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-14 16:15
Updated : 2024-11-21 06:27
NVD link : CVE-2021-42367
Mitre link : CVE-2021-42367
CVE.ORG link : CVE-2021-42367
JSON object : View
Products Affected
variation_swatches_for_woocommerce_project
- variation_swatches_for_woocommerce