RSS   Vulnerabilities for 'Woocommerce'   RSS

2022-07-17
 
CVE-2022-2099

CWE-94
 

 
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

 
2021-05-17
 
CVE-2021-24323

CWE-79
 

 
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

 
2020-12-27
 
CVE-2020-29156

CWE-863
 

 
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.

 
2020-06-19
 
CVE-2019-20891

CWE-352
 

 
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

 
2019-02-25
 
CVE-2019-9168

CWE-79
 

 
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.

 
2019-01-15
 
CVE-2018-20714

CWE-22
 

 
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.

 
2017-01-03
 
CVE-2016-10112

 

 
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.

 

 >>> Vendor: Woocommerce 11 Products
Woocommerce
Paypal checkout payment gateway
Payu india payment gateway
Persian woocommerce sms
Subscriptions
Nab transact
Gift cards
Help scout
Upload files
Woocommerce currency switcher
Persian-woocommerce


Copyright 2024, cxsecurity.com

 

Back to Top