CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
Explanation of Vulnerability in Simple Terms
The WooCommerce Registration Fields Plugin contains a cross-site scripting (XSS) vulnerability in versions up to 3.2.3. An attacker can inject malicious scripts into custom signup fields that execute in users' browsers when they view the registration form or related pages. The vulnerability requires user interaction and can affect multiple users across the site.
What an attacker can do
Inject malicious scripts that run in users' browsers when they interact with registration forms.
Potential impact on your site
Attackers can steal user credentials, session tokens, or personal data submitted through registration forms.
Conditions required to exploit
No authentication required. Victim must visit a page containing the vulnerable registration form.
Key dates
External resources
Related vulnerabilities
