PPOM for WooCommerce <= 18.3 – Authenticated Stored XSS | CVE 2019-14948

Affects Plugins

Fixed in 18.4

References

CVE

CVE-2019-14948

URL

https://plugins.trac.wordpress.org/changeset?new=2137288%40woocommerce-product-addon&old=2128869%40woocommerce-product-addon

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Verified

No

WPVDB ID

1018e4b9-d09e-4418-a2b6-8c86660099ab

Timeline

Publicly Published

2019-08-10 (about 4 years ago)

Added

2019-08-10 (about 4 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

I Love It - VideoJS Cross-Site Scripting

Published

2024-03-25

Title

Woo Viet < 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-01-22

Title

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Published

2024-03-15

Title

ElementsKit Elementor addons < 3.0.6 - Contributor+ Stored XSS

Published

2021-09-08

Title

WP Academic People List <= 0.4.1 - Reflected Cross-Site Scripting