What the vulnerability does
Description
Unauthenticated Cross-Site Scripting (XSS) in Customize My Account for WooCommerce versions <= 4.3.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Customize My Account for WooCommerce plugin through version 4.3.9 contains a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in users' browsers when they visit affected pages. The vulnerability requires user interaction and can affect other users on the site. Update to a version newer than 4.3.9 to resolve this issue.
What an attacker can do
Inject malicious scripts that run in visitors' browsers and steal data or perform actions on their behalf.
Potential impact on your site
Site visitors may have their sessions hijacked, credentials stolen, or be redirected to malicious sites.
Conditions required to exploit
Attacker needs network access; victim must visit a page containing the injected payload.