Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-19831
HistoryJan 26, 2022 - 12:00 a.m.

WordPress WooCommerce plugin cross-site scripting vulnerability

2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
woocommerce
cross-site scripting
vulnerability
php
javascript
administration page
order tracking

EPSS

0.001

Percentile

31.7%

WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin WooCommerce prior to 1.1.10. The vulnerability stems from the fact that the WooCommerce WordPress plugin’s order tracking does not disinfect and escape the file url before outputting it to the administration page. An attacker could use this vulnerability to execute JavaScript code on the client side.

EPSS

0.001

Percentile

31.7%