Cross-site scripting vulnerability on V8.4 by Wordfence

Viewing 4 replies - 1 through 4 (of 4 total)

  • Sí, en efecto, también alertamos mismo aviso. “WooCommerce <= 8.4.0 – Scripts entre sitios reflejados” que la versión Versión parcheada es la 8.5.0. la cuá aún no está disponible y llama la atención.

    Plugin Support Grigorij S. a11n

    (@grigaswp)

    Hi @orangedam

    This vulnerability has been fixed in version 8.4 of WooCommerce which is confirmed by the text here:

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce/woocommerce-840-reflected-cross-site-scripting

    IMPORTANT: There was a miscommunication and error in this vulnerability record where we initially reported version 8.5.0 as patched, while 8.4.0 was still vulnerable. This issue was patched in version 8.4.0 and only affects versions up to 8.3.0. Please rest assured knowing you can update the plugin to version 8.4.0 and this issue will be patched.

    I can also confirm from our side that this issue has indeed been addressed in WooCommerce 8.4.0.

    WooCommerce 8.5.0 has been released and then retracted due to an unrelated issue. It will likely be re-released early next week, however, there’s no rush to update since version 8.4.0 is secure.

    I hope this helps!

    Thread Starter orangedam

    (@orangedam)

    That is a good news, thanks!

    Orangedam

    Plugin Support Grigorij S. a11n

    (@grigaswp)

    Hi @orangedam,

    I’m glad if we could point you in the right direction with this!

    I’ll be marking this thread as resolved but feel free to create a new one if you have other questions!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Cross-site scripting vulnerability on V8.4 by Wordfence’ is closed to new replies.