CVE-2021-24323 – Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled Cuando la opción taxes está habilitada, el campo "Additional tax classes" no es saneado apropiadamente antes de ser devuelto en el panel de administración, permitiendo a usuarios con altos privilegios, tales como el administrador, usar cargas útiles XSS incluso cuando el parámetro unfiltered_html está deshabilitado The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Additional tax classes' field when the tax functionality of WooCommerce is enabled in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20891
https://notcve.org/view.php?id=CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. WooCommerce versiones anteriores a 3.6.5, cuando maneja las importaciones CSV de productos, presenta un problema de tipo cross-site request forgery (CSRF) con un cross-site scripting (XSS) almacenado resultante (Un ataque de tipo XSS) por medio del archivo includes/admin/importers/class-wc-product-csv-importer-controller.php • https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-29156 – WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter
https://notcve.org/view.php?id=CVE-2020-29156
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. El plugin WooCommerce versiones anteriores a 4.7.0 para WordPress, permite a atacantes remotos visualizar el estado de pedidos arbitrarios por medio del parámetro order_id en una acción fetch_order_status • https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2019-9168 – WooCommerce <= 3.5.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9168
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. WooCommerce, en versiones anteriores a la 3.5.5, permite Cross-Site Scripting (XSS) mediante una leyenda de Photoswipe. • https://woocommerce.wordpress.com/2019/02/20/woocommerce-3-5-5-security-fix-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20714 – WooCommerce <= 3.4.5 - WooCommerce File Deletion
https://notcve.org/view.php?id=CVE-2018-20714
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. El sistema de registros del plugin Automattic WooCommerce, en versiones anteriores a la 3.4.6 para WordPress, es vulnerable a la eliminación de archivos. Esto permite la eliminación de woocommerce.php, lo que conduce a que no existan ciertas comprobaciones de privilegios y, por lo tanto, un gerente de tienda puede escalar privilegios a administrador. • https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •