PT-2023-15985 · WordPress · Woocommerce

Lana Codes · Published 2023-03-06 · Updated 2023-03-13 · CVE-2023-0068

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin, versions 1.1.1 and earlier

Description: The plugin fails to validate and escape certain shortcode attributes, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This occurs when the shortcode is embedded in a page or post and the attribute values are output back into the page without proper validation and escaping.

Recommendations: For versions 1.1.1 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of shortcodes to minimize the risk of exploitation. Additionally, restrict the access of users with the contributor role and above to reduce the potential for Stored Cross-Site Scripting attacks.
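The Description and Recommendations above describe a bug class rather than a specific line of code, so the following is an added illustration, not code from the Product GTIN plugin or from Lana Codes: a shortcode handler that echoes attribute values straight into HTML, the hardened form that validates each attribute and escapes it for its output context, and the temporary workaround of unregistering the shortcode. The shortcode name `demo_gtin` and its attributes `label` and `class` are hypothetical; the WordPress functions used (`shortcode_atts`, `sanitize_html_class`, `sanitize_text_field`, `esc_attr`, `esc_html`, `remove_shortcode`) are real core APIs.

```php
<?php
// Added example, not the plugin's own code. Shortcode name and attributes are
// hypothetical; only the WordPress core functions are real.

// Vulnerable pattern: attribute values go into the markup unescaped. Any user
// who can place the shortcode in a post (contributors can) therefore controls
// the resulting HTML, which is stored and rendered for every later visitor.
function demo_gtin_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'label' => 'GTIN', 'class' => '' ),
        $atts,
        'demo_gtin'
    );
    return '<span class="' . $atts['class'] . '">' . $atts['label'] . '</span>';
}

// Hardened pattern: validate each attribute against what it is supposed to be,
// then escape for the exact HTML context it lands in.
function demo_gtin_shortcode_fixed( $atts ) {
    $atts = shortcode_atts(
        array( 'label' => 'GTIN', 'class' => '' ),
        $atts,
        'demo_gtin'
    );

    // 'class' is a CSS class name: sanitize_html_class() strips everything
    // except A-Z, a-z, 0-9, '-' and '_', so no quotes or brackets survive.
    $class = sanitize_html_class( $atts['class'] );

    // 'label' is free text but must not carry markup: strip tags and control
    // characters on the way in, then escape for the element-content context
    // on the way out.
    $label = sanitize_text_field( $atts['label'] );

    return sprintf(
        '<span class="%s">%s</span>',
        esc_attr( $class ),   // attribute-value context
        esc_html( $label )    // element-content context
    );
}

// Temporary workaround from the Recommendations section, for sites that cannot
// update yet. Placed in a must-use plugin (wp-content/mu-plugins/), it
// unregisters the shortcode after plugins have loaded, so the tag is rendered
// as literal text instead of being executed.
function demo_gtin_disable_shortcode() {
    remove_shortcode( 'demo_gtin' );
}
add_action( 'init', 'demo_gtin_disable_shortcode', 100 );
```

The two escaping calls are deliberately different: `esc_attr()` is correct inside a quoted attribute, `esc_html()` inside element content, and using one where the other belongs is a common source of incomplete fixes. Sanitising on input (`sanitize_html_class`, `sanitize_text_field`) and escaping on output are complementary; the escape is what actually prevents the stored value from becoming markup, regardless of how it got into the database.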

Weakness Enumeration: XSS

Related Identifiers: CVE-2023-0068

Affected Products: Woocommerce