WordPress Plugin Vulnerabilities

WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS

Description

The WooCommerce WordPress plugin was affected by an Authenticated Tax-Rate CSV XSS security vulnerability.

Affects Plugins

Plugin icon
woocommerce
Fixed in 2.6.9

References

CVE
CVE-2016-10112
URL
https://fortiguard.com/zeroday/FG-VD-15-020
URL
https://www.fortinet.com/blog/threat-research/woocommerce-tax-rates-cross-site-scripting-vulnerability2.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
037bf4b0-889e-4af3-8ede-efbd5f71f3e3

Timeline

Publicly Published
2016-12-07 (about 7 years ago)
Added
2017-01-04 (about 7 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-03-22
Title
W4 Post List < 2.4.6 - Reflected XSS
Published
2023-01-23
Title
Oi Yandex.Maps <= 3.2.7 - Contributor+ Stored XSS
Published
2024-04-15
Title
Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ XSS via HTML Element
Published
2023-11-22
Title
GS Team Members < 2.2.4 - Contributor+ Stored XSS
Published
2010-11-01
Title
Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)