CVE-2016-10112 – WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10112
07 Dec 2016 — Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. • http://www.securityfocus.com/bid/95292 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10987 – افزونه پیامک ووکامرس Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10987
21 Apr 2016 — The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. The persian-woocommerce-sms plugin before 3.3.3 for WordPress has ps_sms_numbers XSS. • https://0x62626262.wordpress.com/2016/04/21/persian-woocommerce-sms-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-10104 – Icons for Features Plugin class-icons-for-features-admin.php redirect
https://notcve.org/view.php?id=CVE-2015-10104
22 Apr 2015 — A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. • https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-10112 – WooFramework Branding Plugin wooframework-branding.php admin_screen_logic redirect
https://notcve.org/view.php?id=CVE-2015-10112
22 Apr 2015 — A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. • https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-10113 – WooFramework Tweaks Plugin wooframework-tweaks.php admin_screen_logic redirect
https://notcve.org/view.php?id=CVE-2015-10113
22 Apr 2015 — A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. • https://github.com/wp-plugins/wooframework-tweaks/commit/3b57d405149c1a59d1119da6e0bb8212732c9c88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-10114 – WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect
https://notcve.org/view.php?id=CVE-2015-10114
22 Apr 2015 — A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-10115 – WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect
https://notcve.org/view.php?id=CVE-2015-10115
22 Apr 2015 — A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-2329 – WooCommerce <= 2.3.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2329
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. • https://fortiguard.com/zeroday/FG-VD-15-020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4549 – WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4549
25 May 2014 — Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. • http://codevigilant.com/disclosure/wp-plugin-sagepay-direct-for-woocommerce-payment-gateway-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')