CVE-2018-11485 – Advance Search for WooCommerce < 1.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-11485

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. El plugin WooCommerce Quick Reports en versiones 1.0.6 y anteriores de MULTIDOTS para WordPress es vulnerable a Cross-Site Scripting (XSS) persistente. Permite que un atacante inyecte código JavaScript en la página de administrador WooCommerce -> Orders. • http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •