5 matches found
CVE-2021-38341
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
Cross site scripting
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
CVE-2021-38341
The CVE pertains to the WooCommerce Payment Gateway Per Category WordPress plugin (≤ 2.0.10) and describes a Reflected Cross‑Site Scripting flaw. The root cause is a reflected value in $_SERVER["PHP_SELF"] used by the plugin in includes/plugin_settings.php, enabling injection of arbitrary scripts...
CVE-2021-38341 WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...