Title: Vulnerability
Last modified: September 1, 2016

---

# Vulnerability

 *  [Agnes](https://wordpress.org/support/users/agneslesagegmailcom/)
 * (@agneslesagegmailcom)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-13/)
 * Hi
    My host makes a Plugin Security Scan that told me about “Arbitrary Option
   Update Leading to Admin Account Vulnerability found: Woo Custom Checkout Field
   CSRF + Stored XSS” May be you ‘d like ot have a look at that… Agnes
 * [https://wordpress.org/plugins/woo-custom-checkout-field/](https://wordpress.org/plugins/woo-custom-checkout-field/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Paul Gilzow](https://wordpress.org/support/users/gilzow/)
 * (@gilzow)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-13/#post-7681781)
 * Your host is referring to this: [https://wpvulndb.com/vulnerabilities/8567](https://wpvulndb.com/vulnerabilities/8567)
 *  Plugin Author [Auratechmind](https://wordpress.org/support/users/auratechmind/)
 * (@auratechmind)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-13/#post-7681890)
 * hi,
 * We have used and validated WP_nonce before insert function execute, See on index.
   php line 77.
 *  [whitefirdesign](https://wordpress.org/support/users/whitefirdesign/)
 * (@whitefirdesign)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-13/#post-7681915)
 * The vulnerability gilzow mentioned was fixed in version 1.3.3 of the plugin (
   with further related security improvements made in 1.3.4 and 1.3.5). Is your 
   web host saying the vulnerability is in the latest version of the plugin?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Vulnerability’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/woo-custom-checkout-field_6aa5e4.
   svg)
 * [Woo Custom Checkout Field](https://wordpress.org/plugins/woo-custom-checkout-field/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/woo-custom-checkout-field/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/woo-custom-checkout-field/)
 * [Active Topics](https://wordpress.org/support/plugin/woo-custom-checkout-field/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/woo-custom-checkout-field/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/woo-custom-checkout-field/reviews/)

 * 3 replies
 * 4 participants
 * Last reply from: [whitefirdesign](https://wordpress.org/support/users/whitefirdesign/)
 * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-13/#post-7681915)
 * Status: not resolved