CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10987 – افزونه پیامک ووکامرس Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10987
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. El plugin persian-woocommerce-sms versiones anteriores a 3.3.4 para WordPress, presenta una vulnerabilidad de tipo XSS del parámetro ps_sms_numbers. The persian-woocommerce-sms plugin before 3.3.3 for WordPress has ps_sms_numbers XSS. • https://0x62626262.wordpress.com/2016/04/21/persian-woocommerce-sms-xss-vulnerability https://wordpress.org/plugins/persian-woocommerce-sms/#developers https://wpvulndb.com/vulnerabilities/8463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2329 – WooCommerce <= 2.3.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2329
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin WooCommerce en versiones anteriores a la 2.3.6 para WordPress permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un pedido manipulado. • https://fortiguard.com/zeroday/FG-VD-15-020 https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4549 – WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. Múltiples vulnerabilidades de XSS en pages/3DComplete.php en el plugin WooCommerce SagePay Direct Payment Gateway anterior a 0.1.6.7 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) MD o (2) PARes. • http://codevigilant.com/disclosure/wp-plugin-sagepay-direct-for-woocommerce-payment-gateway-a3-cross-site-scripting-xss http://wordpress.org/plugins/sagepay-direct-for-woocommerce-payment-gateway/changelog http://www.securityfocus.com/bid/65355 https://github.com/wp-plugins/sagepay-direct-for-woocommerce-payment-gateway/commit/9c6cf939c6c25377c285439b92ef2bb5ebda9db6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •