CVE-2023-3954
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 21, 2023
Updated: Nov 7, 2023
CWE ID 610
CWE ID 73
Summary
CVE-2023-3954: The MultiParcels Shipping plugin for WooCommerce, used in WordPress websites, contains a Reflected Cross-Site Scripting (XSS) vulnerability. Before version 1.15.4, the plugin fails to sanitize and escape user input before rendering it on the page. An attacker can exploit this weakness by injecting malicious scripts into the parameter, which could potentially compromise the account of high-privilege users, including admins.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Foxitsoftware Foxit Reader
Affected Vendors
- Foxit Software Inc.