WordPress Plugin Vulnerabilities

WooCommerce 2.0.20-2.3.10 - Object Injection / XXE

Description

According to the researcher: The vulnerability is only present when WooCommerce’s "PayPal Identity Token" option is set.

Affects Plugins

Plugin icon
woocommerce
Fixed in 2.3.11

References

URL
https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html

Classification

Type
XXE
OWASP top 10
A4: XML External Entities (XXE)
CWE
CWE-611

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9d4d6f49-5e02-4424-860e-f41453c9d7cf

Timeline

Publicly Published
2015-06-10 (about 10 years ago)
Added
2015-06-10 (about 10 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Advanced XML Reader 0.1.1 - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
Published
2025-06-03
Title
Category Icon <= 1.0.3 - Author+ XML External Entity Injection
Published
2024-10-07
Title
TablePress < 2.4.3 - XXE Injection
Published
2017-11-14
Title
TablePress <= 1.8 - Authenticated XML External Entity (XXE)
Published
2013-06-21
Title
WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)