Wordfence security warning
-
Hi – Wordfence security has flagged this in a scan – can you advise?
Plugin Name: Custom Add to Cart Button Label and Link
Current Plugin Version: 1.6.1
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Custom Add to Cart Button Label and Link” until a patched version is available. Get more information.
Repository URL: https://www.ads-software.com/plugins/woo-custom-cart-button
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/10cfc6e2-1502-45cb-b868-32228b3ccdd9?source=plugin
Info from the link above says:
Description
The Custom Add to Cart Button Label and Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- You must be logged in to reply to this topic.