WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products



Description
The WooCommerce changelog file was updated with the following message:

"Security – Fixed unescaped meta data while duplicating products. Reported by Slavco."

We will update this issue with further information as it becomes available.

Affects Plugin

fixed in version 4.1.0

References

URL https://plugins.trac.wordpress.org/browser/woocommerce/tags/4.1.0/readme.txt?rev=2298743

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Slavco
Views 4111
Verified No
WPVDB ID 10220

Timeline

Publicly Published 2020-05-12 (14 days ago)
Added 2020-05-12 (13 days ago)
Last Updated 2020-05-12 (13 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin