CVE-2013-5978

Name of the Vulnerable Software and Affected Versions Cart66 Lite plugin versions prior to 1.5.1.15

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields, including the Product name and Price description fields, by making a request to "wp-admin/admin.php".

Recommendations For versions prior to 1.5.1.15, update to version 1.5.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php" endpoint to minimize the risk of exploitation. Avoid using the Product name and Price description fields in the affected plugin until the issue is resolved.