The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
The Customer Reviews for WooCommerce plugin contains a reflected XSS vulnerability in the 'crsearch' parameter affecting versions up to 5.101.0, allowing unauthenticated attackers to inject malicious scripts. Attackers can exploit this by tricking users into clicking malicious links that execute arbitrary JavaScript in their browsers.
Update the Customer Reviews for WooCommerce plugin to version 5.101.1 or later immediately. Implement Web Application Firewall (WAF) rules to filter malicious input patterns. Conduct security awareness training for users regarding phishing and suspicious links. Monitor for exploitation attempts in access logs.
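For the log-monitoring step, one way to surface requests worth triage, as an added example (not code from the plugin or from this advisory): it scans combined-format access log lines for a `crsearch` value that still contains markup after repeated URL decoding. The log format, the request paths, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Client IP and request target from a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Markup a review search term should not need: tag or attribute delimiters,
# a javascript: scheme, or an inline event-handler assignment.
SUSPICIOUS_RE = re.compile(r'[<>"]|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_crsearch_hits(lines):
    """Return (client_ip, decoded_value) for each request whose crsearch
    parameter carries markup-like content."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = m.group("target").partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "crsearch":
                decoded = fully_decode(value)
                if SUSPICIOUS_RE.search(decoded):
                    hits.append((m.group("ip"), decoded))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /shop/?crsearch=great+fit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /product/demo/?crsearch=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [01/Jan/2025:10:00:09 +0000] "GET /product/demo/?crsearch=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5298 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in find_crsearch_hits(SAMPLE_LOG):
        print(f"{ip}\tcrsearch={value!r}")
```

A hit is a lead for triage rather than proof of exploitation; correlate it with the referrer and with whether the site was still running 5.101.0 or earlier at the time of the request.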