Vulnerabilities for Woocommerce (...) - CXSECURITY.COM

Vulnerabilities for 'Woocommerce'

2022-07-17

CVE-2022-2099

CWE-94

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

2021-05-17

CVE-2021-24323

CWE-79

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

2020-12-27

CVE-2020-29156

CWE-863

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.

2020-06-19

CVE-2019-20891

CWE-352

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

2019-02-25

CVE-2019-9168

CWE-79

WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.

2019-01-15

CVE-2018-20714

CWE-22

The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.

2017-01-03

CVE-2016-10112

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.

>>> Vendor: Woocommerce 11 Products

Woocommerce

Paypal checkout payment gateway

Payu india payment gateway

Persian woocommerce sms

Woocommerce currency switcher

Persian-woocommerce

Copyright 2024, cxsecurity.com