Back to search
CVE-2021-24323
Published: May 17, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
| Vendor | Product | Versions |
|---|---|---|
Automattic | WooCommerce | affected 5.2.0 - < 5.2.0 |
Weaknesses (CWE)
References
https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now