← Back to CVE List
CVE-2022-2090
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt