Fortinet Discovers WordPress WooCommerce Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a stored Cross-Site Scripting (XSS) vulnerability in the Automattic WordPress WooCommerce plugin.
WooCommerce is the world's favorite eCommerce solution that gives both store owners and developers complete control.
A stored XSS vulnerability has been discovered in WooCommerce 3.5.4 and earlier versions. It is caused by inadequate filtering on the image caption.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Feb 21, 2019
Users should apply the solution provided by Automattic.
Fortinet reported the vulnerability to Automattic on Feb 13, 2019.
Automattic confirmed the vulnerability on Feb 18, 2019.
Automattic patched the vulnerability on Feb 20, 2019.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.