CVE-2024-1697

Summary

CVE-2024-1697: The Custom WooCommerce Checkout Fields Editor plugin for WordPress, affecting versions up to 1.3.1, contains a Stored Cross-Site Scripting (XSS) vulnerability. This issue stems from inadequate input sanitization and output escaping in the save_wcfe_options function, which allows authenticated attackers, with subscriber-level access and above, to inject malicious web scripts. These scripts will be executed whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.