CVE-2023-3954

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 21, 2023
Updated: Nov 7, 2023
CWE ID 610
CWE ID 73

Summary

CVE-2023-3954: The MultiParcels Shipping plugin for WooCommerce, used in WordPress websites, contains a Reflected Cross-Site Scripting (XSS) vulnerability. Before version 1.15.4, the plugin fails to sanitize and escape user input before rendering it on the page. An attacker can exploit this weakness by injecting malicious scripts into the parameter, which could potentially compromise the account of high-privilege users, including admins.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Foxitsoftware Foxit Reader

Affected Vendors

  • Foxit Software Inc.