Lucene search
China National Vulnerability DatabaseCNVD-2021-101686HistoryDec 19, 2021 - 12:00 a.m.
WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101686)
2021-12-1900:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
19.4%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in the WordPress WooCommerce plugin, which stems from a lack of authorization checks for the tawcvs_save_settings function. An attacker could exploit this vulnerability to inject arbitrary web scripts via several parameters in the ~/includes/class-menu-page.php file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress1 WooCommerce Plugin | le | 2.1.1 |
Related
threatpost
threatpost
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
2021-12-01 19:34:53
cve
cve
CVE-2021-42367
2021-12-14 16:15:09
nvd
nvd
CVE-2021-42367
2021-12-14 16:15:09
wordfence
wordfence
XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce
2021-12-01 14:55:56
wpvulndb
wpvulndb
patchstack
patchstack
cvelist
cvelist
prion
prion
Cross site scripting
2021-12-14 16:15:00
openvas
openvas