The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Rightpress |
|
Configuration 1 [-]
|
No data.
References
History
Wed, 08 Apr 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting |
Sat, 28 Dec 2024 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T17:18:46.746Z
Reserved: 2023-06-06T13:16:06.372Z
Link: CVE-2021-4372
Vulnrichment
Updated: 2024-08-03T17:23:10.738Z
NVD
Status : Modified
Published: 2023-06-07T02:15:15.023
Modified: 2026-04-08T19:17:42.053
Link: CVE-2021-4372
Redhat
No data.