Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
References
| Link | Resource |
|---|---|
| https://woocommerce.com/products/woocommerce-subscriptions/ | Product Vendor Advisory |
| https://www.precursorsecurity.com/blog | Third Party Advisory |
| https://www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834 | Exploit Third Party Advisory |
| https://woocommerce.com/products/woocommerce-subscriptions/ | Product Vendor Advisory |
| https://www.precursorsecurity.com/blog | Third Party Advisory |
| https://www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://woocommerce.com/products/woocommerce-subscriptions/ - Product, Vendor Advisory | |
| References | () https://www.precursorsecurity.com/blog - Third Party Advisory | |
| References | () https://www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834 - Exploit, Third Party Advisory |
Information
Published : 2020-07-23 20:15
Updated : 2024-11-21 04:33
NVD link : CVE-2019-18834
Mitre link : CVE-2019-18834
CVE.ORG link : CVE-2019-18834
JSON object : View
Products Affected
woocommerce
- subscriptions
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')