Fortinet Discovers WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in WordPress WooCommerce plugin.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 16, 2015
Users should apply the solution provided by WordPress.
This is a persistent Cross-Site Scripting vulnerability. Any WordPress user can exploit it to inject arbitrary script code by placing a specially-crafted order.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.