Medium severity6.5NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2021-4372

Description

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.

Affected products

Rightpress/Woocommerce Dynamic Pricing And Discounts
cpe:2.3:a:rightpress:woocommerce_dynamic_pricing_and_discounts:*:*:*:*:*:wordpress:*:*
Range: <=2.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/nvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/bcaa5d0e-b764-4566-bd46-2d41dc391c36nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000