WPC Order Notes for WooCommerce - Reflected cross-site scripting (XSS)
Summary
Full name
WPC Order Notes for WooCommerce 1.5. - Reflected cross-site scripting (XSS)
Code name
State
Private
Release date
3 de jan. de 2025
Affected product
WPC Order Notes for WooCommerce
Affected version(s)
Version 1.5.
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U
Exploit available
No
CVE ID(s)
Description
WPC Order Notes for WooCommerce 1.5. was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/wpc-order-notes.php.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in WPC Order Notes for WooCommerce 1.5.. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-0780 to refer to this issue from now on.
System Information
Version: WPC Order Notes for WooCommerce 1.5.
Mitigation
There is currently no patch available for this vulnerability.
Timeline
Vulnerability discovered
3 de jan. de 2025
Public disclosure
3 de jan. de 2025
