Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 10:16 p.m.9 views

CVE-2022-0234

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.01752EPSS
Exploits2References1
nvd
nvd
added 2022/02/21 11:15 a.m.23 views

CVE-2022-0234

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.01752EPSS
Exploits2References2
cve
cve
added 2022/02/21 10:46 a.m.147 views

CVE-2022-0234

CVE-2022-0234 affects the WordPress WOOCS – Currency Switcher for WooCommerce plugin up to version 1.3.7.5. The vulnerability arises because the plugin does not sanitize/escape the woocs_in_order_currency parameter in the AJAX action woocs_get_products_price_html, exposed to both unauthenticated ...

6.1CVSS6AI score0.01752EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2022/02/21 10:46 a.m.30 views

CVE-2022-0234 WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.2AI score0.01752EPSS
Exploits2References2
Rows per page
Query Builder