woocommerce is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary webscript through the range
parameter in the wc-reports
page.
CPE | Name | Operator | Version |
---|---|---|---|
woocommerce/woocommerce | le | 2.2.2 |
seclists.org/fulldisclosure/2014/Sep/59
secunia.com/advisories/61377
raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt
security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do
wordpress.org/plugins/woocommerce/changelog