PT-2023-22250 · WordPress · Pi Websolution Cancel Order Request / Return Order / Repeat Order / Reorder For Woocommerce

Myungju Kim

Published

2023-06-26

Updated

2023-07-03

CVE-2023-29423

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin versions prior to 1.3.3

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This vulnerability can be exploited through specific endpoints related to order management, such as canceling, returning, or reordering.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-29423

Affected Products

Pi Websolution Cancel Order Request / Return Order / Repeat Order / Reorder For Woocommerce

CVE-2023-29423

Weakness Enumeration

Related Identifiers

Affected Products

References · 3