TycheSoftwares / order-delivery-date-for-woocommerce

WooCommerce Delivery Date Lite

The Plugin Vulnerability Report #500

Closed Chetna1510 closed 1 year ago

Chetna1510 commented 1 year ago

**Describe the bug**
A vulnerability was discovered in the Order Delivery Date for WooCommerce WordPress plugin by security researcher Phd.

Phd discovered and reported this Cross-Site Scripting (XSS) vulnerability in the WordPress Order Delivery Date for WooCommerce plugin to Patchstack.

**To Reproduce**
Steps to reproduce the behavior:

  1. Reflected XSS in Order Delivery Date for WooCommerce <= 3.20.0

  2. Set a delivery date in the "Edit Order Delivery Date and/or Time" section of an order post

  3. http://localhost:8085/wordpress/wp-admin/edit.php?post_type=shop_order&order_delivery_date_lite_filter=custom&orddd_lite_custom_startdate=%22%3E%3Cimg+src%3D1+onerror%3Dalert%281%29%3E

**Additional context**
https://tychesoftwares.freshdesk.com/a/tickets/56169

For general tips on how to patch a vulnerability, take a look here: https://patchstack.com/articles/common-plugin-vulnerabilities-how-to-fix-them/
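The bug class reported above, as an added example that is not the plugin's code and not part of the original issue: a hypothetical admin list-table filter that echoes a request parameter back into an input's `value` attribute without escaping, beside the escaped form and an input-validation layer. The function names are assumptions; the script runs stand-alone with the PHP CLI and uses `htmlspecialchars()` directly where a real WordPress plugin would call `esc_attr()`, which is built on the same primitive.

```php
<?php
// Added example, not the plugin's code. Simulates an admin screen that
// re-renders its date filter field from the query string, the pattern a
// reflected XSS via a GET parameter relies on. Function names are hypothetical.

// Constructed request value: the payload from the report as PHP would place
// it in $_GET['orddd_lite_custom_startdate'] after URL decoding.
$payload = '"><img src=1 onerror=alert(1)>';

// Vulnerable form: the raw parameter is concatenated into an attribute value,
// so a double quote closes the attribute and the rest becomes markup.
function render_start_date_field_vulnerable(string $start_date): string {
    return '<input type="text" name="orddd_lite_custom_startdate" value="'
        . $start_date . '">';
}

// Hardened form: escape for the HTML attribute context at the point of output.
// In WordPress this is esc_attr($start_date); htmlspecialchars() with
// ENT_QUOTES is used here so the script runs without WordPress loaded.
function render_start_date_field_safe(string $start_date): string {
    $escaped = htmlspecialchars($start_date, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="orddd_lite_custom_startdate" value="'
        . $escaped . '">';
}

// Defense in depth: the field only ever holds a date, so accept only that
// shape (YYYY-MM-DD assumed here; adjust to the plugin's real format) and
// drop anything else before it reaches the template. Output escaping stays.
function sanitize_filter_date(string $input): string {
    return preg_match('/^\d{4}-\d{2}-\d{2}$/', $input) === 1 ? $input : '';
}

// Crude check: does the rendered markup contain any tag besides the one the
// template itself emits? Useful as a unit-test assertion for escaping bugs.
function leaks_markup(string $html, string $expected_tag = '<input'): bool {
    $count = preg_match_all('/<[a-z]+/i', $html, $m);
    return $count !== 1 || stripos($m[0][0], $expected_tag) !== 0;
}

$vulnerable = render_start_date_field_vulnerable($payload);
$safe       = render_start_date_field_safe($payload);
$validated  = render_start_date_field_safe(sanitize_filter_date($payload));

echo "vulnerable: $vulnerable\n";
echo "escaped:    $safe\n";
echo "validated:  $validated\n";
echo "vulnerable leaks markup: " . (leaks_markup($vulnerable) ? 'yes' : 'no') . "\n";
echo "escaped leaks markup:    " . (leaks_markup($safe) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. The escaped output keeps the payload inert because `"`, `<` and `>` are emitted as entities, so the browser never sees a second tag; the validated output drops the value entirely because it is not a date. Note that capability checks and nonces do not mitigate this class of bug: the request is made by an already-authenticated admin who follows a crafted link, so the fix is escaping at output (and, where the value has a known shape, validation at input), not access control.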