Lucene search
Taurus OmarWPVDB-ID:0316E5F3-3302-40E3-8FF4-BE3423A3BE7BHistoryJun 20, 2022 - 12:00 a.m.
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
2022-06-2000:00:00
Taurus Omar
wpscan.com
38
0.001 Low
EPSS
Percentile
25.0%
The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
PoC
Go to WooCommerce -> Settings -> Payments tab, enable BAC (Bank Account Transfers) and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for admins (in the admin panel) and visitors in the checkout screen.
Save changes
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce | lt | 6.6.0 |
Related
prion
prion
Design/Logic Flaw
2022-07-17 11:15:00
osv
osv
CVE-2022-2099
2022-07-17 11:15:08
patchstack
patchstack
cve
cve
CVE-2022-2099
2022-07-17 11:15:08
github
github
wpexploit
wpexploit
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
2022-06-20 00:00:00
cvelist
cvelist
CVE-2022-2099 WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
2022-07-17 10:35:52
cnvd
cnvd
WordPress plugin WooCommerce code injection vulnerability
2022-07-19 00:00:00
openvas
openvas
WordPress WooCommerce Plugin < 6.6.0 Stored HTML Injection Vulnerability
2022-07-18 00:00:00
nvd
nvd
CVE-2022-2099
2022-07-17 11:15:08