Report
The WooCommerce plugin for WordPress is vulnerable to content injection in all versions up to, and including, 8.9.2. This is due to the plugin not properly restricting/validating content. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject arbitrary content.
Score:3.5
Severity:Low
Version: 8.9.2
There is a patch available in v9.0.0 and we strongly recommend you update to this version as soon as possible.
