WooCommerce Extension – Reflected XSS Vulnerability

A vulnerability was discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, installed on over 20,000 sites. This flaw made it possible for an attacker to inject malicious JavaScript into a page that would execute if the attacker successfully tricked a site’s administrator into performing an action like clicking on a link.

Preview E-mails for WooCommerce is a simple plugin designed to give site owners the ability to preview the emails that are sent to customers via WooCommerce. Unfortunately, the plugin had a flaw that made it possible for attackers to inject malicious web scripts into the `digthis-woocommerce-preview-emails` page.
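One way to look for attempts against this page is to scan web server access logs for requests to it that carry markup in a query parameter. The script below is an added example, not code from the plugin or from Wordfence. It assumes a combined-format access log and WordPress's usual `admin.php?page=<slug>` routing. The parameter name `example_param` and the log entries are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page slug named in the advisory. Routing via admin.php?page=<slug> is the
# usual WordPress admin-menu convention and is an assumption here.
PAGE_SLUG = "digthis-woocommerce-preview-emails"

# Markup characters and script-bearing patterns in a decoded parameter value.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(param, decoded_value)] worth reviewing for one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    params = parse_qsl(query, keep_blank_values=True)  # percent-decodes values
    if ("page", PAGE_SLUG) not in params:
        return []  # request is for some other page
    return [(k, v) for k, v in params if k != "page" and SUSPICIOUS.search(v)]


def scan(lines):
    """Return [(line_number, findings)] for every line with findings."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = suspicious_params(line)
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample entries; "example_param" is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2021:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=digthis-woocommerce-preview-emails&example_param=1001 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Nov/2021:10:02:11 +0000] "GET /wp-admin/admin.php'
    '?page=digthis-woocommerce-preview-emails'
    '&example_param=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [10/Nov/2021:10:03:40 +0000] "GET /wp-admin/admin.php'
    '?page=wc-settings&tab=%3Cb%3E HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

A hit only shows that such a link was requested; whether the script ran depends on the plugin version installed at the time.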

Details from Wordfence: https://www.wordfence.com/blog/2021/11/woocommerce-extension-reflected-xss-vulnerability
