CVE-2021-38349

Name of the Vulnerable Software and Affected Versions Moneybird for WooCommerce WordPress plugin versions up to and including 2.1.1

Description The issue allows attackers to inject arbitrary web scripts via the error description parameter found in the ~/templates/wcmb-admin.php file, enabling Reflected Cross-Site Scripting attacks. This vulnerability can be exploited by injecting malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For versions up to and including 2.1.1, update to a version later than 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the ~/templates/wcmb-admin.php file to minimize the risk of exploitation. Avoid using the error description parameter in the affected file until the issue is resolved.