Lucene search
Veracode Vulnerability DatabaseVERACODE:4777HistoryJul 28, 2017 - 6:27 a.m.
Cross-Site Scripting (XSS)
2017-07-2806:27:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.003 Low
EPSS
Percentile
69.2%
woocommerce is vulnerable to cross-site scripting (XSS) attacks. The attacks can be launched because wp-admin/admin.php does not sanitize the QUERY_STRING in the wc-reports page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce/woocommerce | le | 2.2.10 |
References
packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2015/Feb/75
www.securityfocus.com/bid/74885
github.com/woocommerce/woocommerce/commit/6a5728d9c0823d748c47ad0dac85ccec2293b6d9
github.com/woocommerce/woocommerce/commit/e3fe9740d83e2aa71601c475336b913a9eb49489
wordpress.org/plugins/woocommerce/changelog/
Related
checkpoint_advisories
checkpoint_advisories
WordPress WooCommerce Plugin Cross-Site Scripting (CVE-2015-2069)
2015-03-08 00:00:00
prion
prion
Cross site scripting
2015-02-24 17:59:00
cve
cve
CVE-2015-2069
2015-02-24 17:59:05
cvelist
cvelist
CVE-2015-2069
2015-02-24 17:00:00
patchstack
patchstack
WordPress WooCommerce Plugin <= 2.2.10 - XSS
2015-02-24 00:00:00
nvd
nvd
CVE-2015-2069
2015-02-24 17:59:05
wpvulndb
wpvulndb
WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)
2015-02-22 00:00:00
kaspersky
kaspersky
KLA10491 Multiple vulnerabilities in WordPress plugins
2015-03-17 00:00:00