WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in the WordPress WooCommerce plugin, which stems from a lack of authorization checks for the tawcvs_save_settings function. An attacker could exploit this vulnerability to inject arbitrary web scripts via several parameters in the ~/includes/class-menu-page.php file.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress1 WooCommerce Plugin | le | 2.1.1 |