CVE-2021-25043

Name of the Vulnerable Software and Affected Versions WOOCS WordPress plugin versions prior to 1.3.7.3

Description The issue arises from the failure to sanitise and escape the custom prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

Recommendations For versions prior to 1.3.7.3, update to version 1.3.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom prices parameter to minimize the risk of exploitation.