CVE-2023-5348

Summary

CVE-2023-5348 is a vulnerability affecting the Product Catalog Mode feature in WooCommerce, a popular WordPress plugin. Prior to version 5.0.3, the plugin failed to adequately authorize settings updates and did not properly escape settings values. This issue allowed unauthenticated users to carry out Stored Cross-Site Scripting (XSS) attacks. The flaw could be exploited by injecting malicious scripts into the plugin settings, potentially leading to unauthorized access, data theft, and other malicious activities. It's essential for WooCommerce users to update their plugins to the latest version promptly to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.