Lucene search

K
wpvulndbWpvulndbWPVDB-ID:57BBFB7E-CF8F-4269-8BDE-DDBC76560F95
HistoryFeb 08, 2024 - 12:00 a.m.

Portugal CTT Tracking for WooCommerce < 2.2 - Reflected Cross-Site Scripting

2024-02-0800:00:00
wpscan.com
10
portugal ctt
woocommerce
cross-site scripting
wordpress
vulnerability
input sanitization
output escaping
unauthenticated attackers
arbitrary web scripts

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.9%

Description The Portugal CTT Tracking for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CPENameOperatorVersion
eq2.2

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.9%

Related for WPVDB-ID:57BBFB7E-CF8F-4269-8BDE-DDBC76560F95