WooCommerce is vulnerable to cross-site scripting (XSS). The attack is possible because wp-admin/admin.php
does not sanitize the QUERY_STRING on the wc-reports page.
CPE

Name | Operator | Version |
---|---|---|
woocommerce/woocommerce | le | 2.2.10 |
packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2015/Feb/75
www.securityfocus.com/bid/74885
github.com/woocommerce/woocommerce/commit/6a5728d9c0823d748c47ad0dac85ccec2293b6d9
github.com/woocommerce/woocommerce/commit/e3fe9740d83e2aa71601c475336b913a9eb49489
wordpress.org/plugins/woocommerce/changelog/