WordPress Plugin Vulnerabilities

WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) via REST API

Description

The WooCommerce WordPress plugin was affected by a Stored Cross Site Scripting (XSS) via REST API security vulnerability.

Affects Plugins

Plugin icon
woocommerce
Fixed in 2.6.4

References

URL
https://hackerone.com/reports/152692
URL
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Sep/20

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d4f7dff0-7391-4448-95dd-327f0803a9b8

Timeline

Publicly Published
2016-09-09 (about 9 years ago)
Added
2016-09-11 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2021-08-25
Title
Contact Form 7 Zoho < 1.1.8 - Reflected Cross-Site Scripting
Published
2024-10-31
Title
Simple Goods <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-05
Title
WS Form LITE – Drag & Drop Contact Form Builder for WordPress < 1.9.245 - Reflected Cross-Site Scripting via URL
Published
2024-12-02
Title
Futurio Extra < 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size tag
Published
2024-07-08
Title
OSM – OpenStreetMap < 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode