Lucene search
China National Vulnerability DatabaseCNVD-2022-19831HistoryJan 26, 2022 - 12:00 a.m.
WordPress WooCommerce plugin cross-site scripting vulnerability
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
wordpress
woocommerce
cross-site scripting
vulnerability
php
javascript
administration page
order tracking
EPSS
0.001
Percentile
31.7%
WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin WooCommerce prior to 1.1.10. The vulnerability stems from the fact that the WooCommerce WordPress plugin’s order tracking does not disinfect and escape the file url before outputting it to the administration page. An attacker could use this vulnerability to execute JavaScript code on the client side.
Related
wpvulndb
wpvulndb
Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting
2021-12-27 00:00:00
prion
prion
Cross site scripting
2022-01-24 08:15:00
patchstack
patchstack
wpexploit
wpexploit
Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting
2021-12-27 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2021-25062
2022-01-24 08:15:09
cve
cve
CVE-2021-25062
2022-01-24 08:15:09