0.001 Low
EPSS
Percentile
50.5%
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
woocommerce.com/products/woocommerce-subscriptions/
www.precursorsecurity.com/blog
www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834