WordPress WooCommerce Product Attachment plugin <= 1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Back

Product: WooCommerce Product Attachment
Description: Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Product Attachment plugin (versions <= 1.1.2).
Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: Plugin changelog
Vulnerability description
CVE: Name CVE-N/A
Versions: Affected In <= 1.1.2
Disclosure date: 2018-06-03
Credits: ThreatPress
Submitter: ThreatPress