PT-2023-22250 · WordPress · Pi Websolution Cancel Order Request / Return Order / Repeat Order / Reorder For Woocommerce

Myungju Kim

Publicado

2023-06-26

Atualizado

2023-07-03

CVE-2023-29423

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin versions prior to 1.3.3

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This vulnerability can be exploited through specific endpoints related to order management, such as canceling, returning, or reordering.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-29423

Produtos afetados

Pi Websolution Cancel Order Request / Return Order / Repeat Order / Reorder For Woocommerce

PT-2023-22250 · WordPress · Pi Websolution Cancel Order Request / Return Order / Repeat Order / Reorder For Woocommerce

CVE-2023-29423

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3