• wineschoolofcheshire

    (@wineschoolofcheshire)


    Hi – Wordfence security has flagged this in a scan – can you advise?

    Plugin Name: Custom Add to Cart Button Label and Link

    Current Plugin Version: 1.6.1

    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Custom Add to Cart Button Label and Link” until a patched version is available. Get more information.

    Repository URL: https://www.ads-software.com/plugins/woo-custom-cart-button

    Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/10cfc6e2-1502-45cb-b868-32228b3ccdd9?source=plugin

    Info from the link above says:

    Description

    The Custom Add to Cart Button Label and Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.