Fortinet Discovers WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting vulnerability in the WordPress WooCommerce plugin.
WooCommerce is a free eCommerce plugin that allows you to sell anything, beautifully. Built to integrate seamlessly with WordPress, WooCommerce is the world's favorite eCommerce solution that gives both store owners and developers complete control. WooCommerce now powers 30% of all online stores -- more than any other platform.
A cross-site scripting vulnerability has been discovered in WooCommerce 2.6.8 and earlier versions. The vulnerability exists because the WooCommerce tax rates setting doesn't correctly process user-supplied data.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Dec 08, 2016
Users should apply the solution provided by WooCommerce.
The vulnerability has been fixed in WooCommerce 2.6.9.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.