3 matches found
CURCY < 2.1.18 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-reports&a"alert/XSS/...
Cross-Site Scripting (XSS)
woocommerce is vulnerable to cross-site scripting XSS attacks. The attacks can be launched because wp-admin/admin.php does not sanitize the QUERYSTRING in the wc-reports page...
Cross site scripting
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...