CVE-2022-29425

Name of the Vulnerable Software and Affected Versions WP Wham's Checkout Files Upload for WooCommerce plugin version 2.1.2 and earlier

Description A Cross-Site Scripting (XSS) issue has been identified. This type of issue occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker to inject malicious content, such as scripts. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For WP Wham's Checkout Files Upload for WooCommerce plugin version 2.1.2 and earlier, update to a version later than 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's file upload functionality until a patch is available.