VYPR

Advanced Product Labels For Woocommerce

by WordPress

CVEs (1)

  • CVE-2022-0399MedMar 14, 2022
    risk 0.33cvss 6.1epss 0.01

    The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting