Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Connector Cross-Site Scripting (1.0.3)
WordPress 4.3.x Same Origin Method Execution (SOME) Vulnerability (4.3 - 4.3.3)
MySQL CVE-2020-14539 Vulnerability (CVE-2020-14539)
PHP Other Vulnerability (CVE-2015-0232)
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)