Age Verification for Checkout - WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Age Verification for Your Checkout Page WordPress plugin, specifically in version 1.20.0. The issue arises because the plugin dynamically generates web content without properly validating the source of potentially untrusted data, particularly in the 'myapp/class-wc-integration-agechecker-integration.php' file.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by sending a request to the web application with unvalidated data that is processed by the Age Verification plugin. This can be done by manipulating the 'POST' data to include a script payload, which the application will reflect back without proper sanitization.

Remediation

Users can update to Age Verification for Your Checkout Page version 1.20.1, which addresses this vulnerability.