PT-2023-12483 · WordPress · Elex Woocommerce Dynamic Pricing/Discounts
Jerome Bruandet
·
Published
2023-06-07
·
Updated
2023-06-13
·
CVE-2021-4372
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WooCommerce Dynamic Pricing and Discounts plugin for WordPress versions up to, and including, 2.4.1
Description
The plugin is vulnerable to Stored Cross-Site Scripting because settings imported via the import() function are stored without sanitization. An unauthenticated attacker can import a settings file containing malicious JavaScript, which then executes in the browser of an administrator who opens the plugin's settings area.
Recommendations
For versions up to, and including, 2.4.1, update to a version higher than 2.4.1 to resolve the issue. As a temporary workaround, restrict access to the settings import functionality (the attack is unauthenticated, so limiting the import handler to privileged, logged-in users blocks it) to prevent malicious settings files from being imported.
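The pattern the advisory describes, and the two separate controls that address it (access restriction as the workaround, sanitization plus output escaping as the fix), are shown below in a generic WordPress settings-import handler. This is an added illustration, not code from the Elex plugin; the option name `demo_settings`, the action `demo_import_settings`, the field names and the page slug are assumptions, and the WordPress API calls (`current_user_can`, `check_admin_referer`, `sanitize_text_field`, `wp_kses_post`, `esc_attr`, `update_option`) are the standard core functions.

```php
<?php
// Added example (not the plugin's code): a generic WordPress settings-import
// handler in the pattern the advisory describes, followed by a hardened form.
// Option name, action name, field names and page slug are illustrative assumptions.

// --- Vulnerable pattern -----------------------------------------------------
// admin_post_nopriv_* fires for visitors who are NOT logged in, so anyone can
// POST a settings file. Values are stored as-is and later echoed unescaped.
add_action( 'admin_post_nopriv_demo_import_settings', 'demo_import_settings_vulnerable' );
add_action( 'admin_post_demo_import_settings',        'demo_import_settings_vulnerable' );

function demo_import_settings_vulnerable() {
    // No capability check and no nonce: unauthenticated requests reach this code.
    $raw      = isset( $_FILES['settings_file']['tmp_name'] )
                ? file_get_contents( $_FILES['settings_file']['tmp_name'] ) : '';
    $settings = json_decode( $raw, true );
    // A value such as  "><img src=x onerror=alert(document.cookie)>  is persisted verbatim.
    update_option( 'demo_settings', $settings );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-settings' ) );
    exit;
}

function demo_render_settings_vulnerable() {
    $settings = get_option( 'demo_settings', array() );
    // Unescaped output: the stored payload executes in the administrator's browser.
    echo '<input name="rule_label" value="' . $settings['rule_label'] . '">';
}

// --- Hardened pattern -------------------------------------------------------
// 1. Only the logged-in hook is registered; there is no admin_post_nopriv_ handler.
add_action( 'admin_post_demo_import_settings', 'demo_import_settings_hardened' );

// Allow-list of accepted keys and the sanitizer applied to each.
function demo_settings_schema() {
    return array(
        'rule_label' => 'sanitize_text_field', // plain text only
        'rule_note'  => 'wp_kses_post',        // limited, safe HTML
    );
}

function demo_sanitize_settings( $input ) {
    $clean = array();
    if ( ! is_array( $input ) ) {
        return $clean;
    }
    foreach ( demo_settings_schema() as $key => $sanitizer ) {
        if ( isset( $input[ $key ] ) && is_string( $input[ $key ] ) ) {
            $clean[ $key ] = call_user_func( $sanitizer, wp_unslash( $input[ $key ] ) );
        }
    }
    return $clean; // keys not in the schema are silently dropped
}

function demo_import_settings_hardened() {
    // 2. Capability check: only users who may manage options can import.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 3. Nonce check; the upload form must emit wp_nonce_field( 'demo_import_settings' ).
    check_admin_referer( 'demo_import_settings' );

    if ( empty( $_FILES['settings_file']['tmp_name'] )
         || ! is_uploaded_file( $_FILES['settings_file']['tmp_name'] ) ) {
        wp_die( 'No settings file uploaded.', 400 );
    }
    $raw      = file_get_contents( $_FILES['settings_file']['tmp_name'] );
    $settings = json_decode( $raw, true );
    if ( json_last_error() !== JSON_ERROR_NONE ) {
        wp_die( 'Settings file is not valid JSON.', 400 );
    }
    // 4. Sanitize on the way in ...
    update_option( 'demo_settings', demo_sanitize_settings( $settings ) );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-settings' ) );
    exit;
}

function demo_render_settings_hardened() {
    $settings = get_option( 'demo_settings', array() );
    $label    = isset( $settings['rule_label'] ) ? $settings['rule_label'] : '';
    // 5. ... and escape on the way out, so data stored before the fix cannot execute either.
    echo '<input name="rule_label" value="' . esc_attr( $label ) . '">';
}
```

Steps 1 to 3 are the access restriction the advisory offers as a workaround: they stop unauthenticated imports but do nothing about a payload that is already stored. Steps 4 and 5 are the actual fix for the stored XSS; escaping at render time matters because an option written before the patch is still served to every administrator who opens the page.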
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Elex Woocommerce Dynamic Pricing/Discounts