Filtered by vendor Wpdesk
Subscriptions
Filtered by product Flexible Checkout Fields For Woocommerce
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-36731 | 1 Wpdesk | 1 Flexible Checkout Fields For Woocommerce | 2024-11-21 | 7.2 High |
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored. |
Page 1 of 1.