CNVD (China National Vulnerability Database): CNVD-2023-06540
History: Feb 16, 2022 - 12:00 a.m.

WordPress PPOM for WooCommerce plugin cross-site scripting vulnerability

2022-02-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
ppom
woocommerce
cross-site scripting
vulnerability
php
mysql
csrf checks
attack

EPSS: 0.001
Percentile: 24.8%

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress PPOM for WooCommerce plugin prior to 24.0. It stems from the plugin's failure to perform authorization and CSRF checks, which allows any authenticated user to invoke it and set arbitrary settings. An attacker could exploit this vulnerability to carry out a stored cross-site scripting attack.
