CVE-2023-29094

Name of the Vulnerable Software and Affected Versions PI Websolution Product page shipping calculator for WooCommerce plugin versions 1.3.20 and earlier

Description The issue is related to an Authenticated Stored Cross-site Scripting (XSS) vulnerability. This means that an attacker with admin privileges can inject malicious code into the application, which will be executed by the browser of other users. The vulnerability is located in the shipping calculator functionality of the plugin.

Recommendations For versions 1.3.20 and earlier, update to a version later than 1.3.20 to resolve the issue. As a temporary workaround, consider restricting access to the shipping calculator feature in the plugin to minimize the risk of exploitation.