Customize My Account For Woocommerce
Monthly
Reflected Cross-Site Scripting in the Customize My Account for WooCommerce WordPress plugin (versions 4.3.9 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The flaw carries a CVSS 7.1 rating driven by a scope change (S:C), meaning script execution crosses the plugin's security boundary into the wider WordPress session context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Reflected Cross-Site Scripting in the Customize My Account for WooCommerce WordPress plugin (versions 4.3.9 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The flaw carries a CVSS 7.1 rating driven by a scope change (S:C), meaning script execution crosses the plugin's security boundary into the wider WordPress session context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.