Min Max Step Quantity Limits Manager For Woocommerce
Monthly
Reflected cross-site scripting in the WPFactory 'Min Max Step Quantity Limits Manager for WooCommerce' WordPress plugin (versions 5.2.2 and earlier) allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser after the victim clicks a crafted link. The CVSS 3.1 score of 7.1 is elevated by a scope change (S:C), reflecting that script execution can affect the WordPress admin context, but exploitation requires user interaction (UI:R). No public exploit was identified at time of analysis and the issue is not listed in CISA KEV.
Reflected cross-site scripting in the WPFactory 'Min Max Step Quantity Limits Manager for WooCommerce' WordPress plugin (versions 5.2.2 and earlier) allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser after the victim clicks a crafted link. The CVSS 3.1 score of 7.1 is elevated by a scope change (S:C), reflecting that script execution can affect the WordPress admin context, but exploitation requires user interaction (UI:R). No public exploit was identified at time of analysis and the issue is not listed in CISA KEV.