2 matches found
WordPress WooCommerce Plugin Cross-Site Scripting (CVE-2015-2069)
A cross-site scripting vulnerability has been reported in WordPress WooCommerce plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
CVE-2015-2069
CVE-2015-2069 is a cross-site scripting (XSS) vulnerability in the WordPress WooCommerce plugin prior to 2.2.11. The issue arises because the plugin does not properly sanitize the QUERY_STRING on the wc-reports page (wp-admin/admin.php), allowing remote attackers to inject arbitrary web script or...