Lucene search

K
wpvulndbWpvulndbWPVDB-ID:9BB6702E-7954-4F6A-9F1D-83829CDA2FB9
HistoryJan 18, 2024 - 12:00 a.m.

Stock Locations for WooCommerce < 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

2024-01-1800:00:00
wpscan.com
3
woocommerce
wordpress
cross-site scripting
administrator
input sanitization
output escaping
multi-site.

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Description The Stock Locations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CPENameOperatorVersion
eq2.6.0

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Related for WPVDB-ID:9BB6702E-7954-4F6A-9F1D-83829CDA2FB9