Fortinet Discovers WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a cross-site scripting vulnerability in the WordPress WooCommerce plugin.
WooCommerce is a free eCommerce plugin that allows you to sell anything, beautifully. Built to integrate seamlessly with WordPress, WooCommerce is the world's favorite eCommerce solution that gives both store owners and developers complete control. WooCommerce now powers 30% of all online stores -- more than any other platform.
A cross-site scripting vulnerability has been discovered in WooCommerce 2.6.8 and earlier versions. The vulnerability exists because the WooCommerce tax rates setting does not correctly process user-supplied data.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: WooCommerce.Import.CSV.XSS
Released Dec 09, 2016
Users should apply the solution provided by WooCommerce.
Additional Information
The vulnerability has been fixed in WooCommerce 2.6.9.