Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.
Remediation
References
Related Vulnerabilities
WordPress Plugin Pods-Custom Content Types and Fields SQL Injection (2.5.1.1)
MySQL CVE-2018-3075 Vulnerability (CVE-2018-3075)
MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980)
WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)
WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)