CVE-2014-6313
on wordpress-plugin
Published
Severity
CVSS v3:
N/A
CVSS v2:
4.3 MEDIUM
Description
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:woothemes:woocommerce_plugin:2.2.1:*:*:*:*:wordpress:*:* | n/a | n/a | 2.2.1 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.9:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.9 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.10:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.10 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.0:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.0 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.11:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.11 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.8:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.8 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.5:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.5 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.3:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.3 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.6:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.6 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.1:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.1 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.2:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.2 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.7:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.7 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.4:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.4 |
| cpe:2.3:a:woothemes:woocommerce_plugin:*:*:*:*:*:wordpress:*:* | n/a | 2.2.2 (including) | * |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.12:*:*:*:*:wordpress:*:* | n/a | n/a | 2.1.12 |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.2.0:*:*:*:*:wordpress:*:* | n/a | n/a | 2.2.0 |