PT-2026-40874 · WordPress · Gls Shipping For Woocommerce
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GLS Shipping for WooCommerce versions prior to 1.4.1
Description
Reflected Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute when a user is tricked into performing an action, such as clicking a link. The issue involves the
failed orders parameter.Recommendations
Update to a version later than 1.4.0.
As a temporary workaround, restrict access to or avoid using the
failed orders parameter until the update is applied.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gls Shipping For Woocommerce