Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 sites and acts as an extension for WooCommerce. This flaw made it possible for an attacker with low-level permissions, such as a subscriber or a customer, to inject malicious JavaScript that would execute when a site administrator accessed the settings area of the plugin.

SOFTWARE ・ 4 DAYS AGO