关键信息 漏洞名称: WordPress SpecFit-Virtual Try On Woocommerce Plugin <= 70.6 is vulnerable to Cross Site Scripting (XSS) 优先级: Medium 受影响版本: <= 70.6 修复状态: No official fix available 风险: This vulnerability is moderately dangerous and expected to become exploited. 漏洞类型: Cross Site Scripting (XSS) 描述: This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. 解决方案: Automatically mitigate vulnerabilities and keep your websites safe. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. 时间线: - Reported by HLog on Jun 29th - Early warning sent to Patchstack customers on Jun 30th - Published by Patchstack on Jun 30th