PT-2024-17589 · Woocommerce · The Coupon Affiliates – Affiliate Plugin For Woocommerce
Arkadiusz Hydzik · Published 2024-12-13 · Updated 2024-12-13 · CVE-2024-12421
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Coupon Affiliates – Affiliate Plugin for WooCommerce versions prior to 5.16.7.2
Description
The issue allows unauthenticated attackers to execute arbitrary shortcodes because the software does not properly validate a value before running do_shortcode. This functionality is also vulnerable to Reflected Cross-Site Scripting.
Recommendations
For versions prior to 5.16.7.1, update to version 5.16.7.1 to patch the Cross-Site Scripting vulnerability.
For versions prior to 5.16.7.2, update to version 5.16.7.2 to patch the arbitrary shortcode execution vulnerability.
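The weakness class named in the Description, shown as an added example that is not the plugin's code or its patch: a WordPress AJAX handler that validates the requested value against an allowlist before calling do_shortcode and filters the output. The handler name, nonce action, request field and shortcode tag are hypothetical.

```php
<?php
// Added illustration, not code from the plugin. All example_* names,
// the 'tag' and 'nonce' request fields and the shortcode tag are hypothetical.

// Weak pattern of the kind the advisory describes: a request value reaches
// do_shortcode() without validation, so the caller chooses what runs.
//   echo do_shortcode( wp_unslash( $_POST['shortcode'] ) );

// Hardened form: only shortcodes listed here may be rendered by this endpoint.
const EXAMPLE_ALLOWED_SHORTCODES = array( 'example_affiliate_dashboard' );

function example_render_shortcode() {
	// CSRF check; on failure WordPress ends the request with a 403.
	// A nonce is not authentication, so the allowlist below still applies.
	check_ajax_referer( 'example_shortcode_nonce', 'nonce' );

	// Accept a bare tag name only. sanitize_key() lowercases the value and
	// strips everything except a-z, 0-9, '_' and '-', so brackets and
	// attributes never survive.
	$tag = isset( $_POST['tag'] ) ? sanitize_key( wp_unslash( $_POST['tag'] ) ) : '';

	if ( ! in_array( $tag, EXAMPLE_ALLOWED_SHORTCODES, true ) || ! shortcode_exists( $tag ) ) {
		// wp_send_json_error() sends the response and stops execution.
		wp_send_json_error( array( 'message' => 'Shortcode not permitted.' ), 400 );
	}

	// The shortcode string is built server-side from the allowlisted tag,
	// never copied from the request.
	$html = do_shortcode( '[' . $tag . ']' );

	// Filter the rendered markup before returning it, so nothing reflected
	// into the output can carry script.
	wp_send_json_success( array( 'html' => wp_kses_post( $html ) ) );
}

// Registered for logged-in and logged-out callers; the allowlist is what
// bounds what an unauthenticated request can trigger.
add_action( 'wp_ajax_example_render_shortcode', 'example_render_shortcode' );
add_action( 'wp_ajax_nopriv_example_render_shortcode', 'example_render_shortcode' );
```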
Fix
Code Injection
Affected Products
The Coupon Affiliates – Affiliate Plugin For Woocommerce