WooCommerce is the world’s most popular open source, free and flexible e-commerce plugin for WordPress, and one of the most mature open source e-commerce solutions for building foreign trade malls. cross-site scripting vulnerability exists in versions prior to WordPress Store Toolkit for WooCommerce plugin 2.3.2, which The vulnerability stems from the failure of the plugin’s Store Toolkit to clean up and escape tab parameters before outputting them back to the admin page in the form of an error message. An attacker could exploit this vulnerability to cause reflected cross-site scripting.