CVE-2021-42363

Name of the Vulnerable Software and Affected Versions Preview E-Mails for WooCommerce WordPress plugin versions up to and including 1.6.8

Description The issue allows attackers to inject arbitrary web scripts via the search order parameter found in the ~/views/form.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations For versions up to and including 1.6.8, update to a version later than 1.6.8 to resolve the issue. As a temporary workaround, consider restricting access to the search order parameter in the ~/views/form.php file to minimize the risk of exploitation.