UCRM Argentina AFIP Invoices Plugin Cross-Site Scripting Vulnerability
Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in the UCRM Argentina AFIP Invoices Plugin, specifically in versions through 1.2.0. This vulnerability could lead to privilege escalation if an Administrator is deceived into visiting a maliciously crafted page. It is important to note that this plugin is disabled by default.
Impact
Exploitation of this vulnerability could allow for Cross-Site Scripting, leading to potential privilege escalation by tricking an Administrator into visiting a malicious page.
Remediation
Users are advised to update the UCRM Argentina AFIP Invoices Plugin to version 1.3.0 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.