Report
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored.
Score:9.3
Severity:Critical
Version: 2.3.1
There is a patch available in v2.3.2 and we strongly recommend you update to this version as soon as possible.
