WordPress WooCommerce Plugin Image Metadata Persistent Cross Site Scripting Vulnerability
Severity: HIGH
DESCRIPTION
A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552