Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
6.1CVSS
6.3AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.
7.5CVSS
7.5AI Score
0.001EPSS