CVE-2016-10112
on wordpress-plugin
Published
Severity
CVSS v3:
4.8 MEDIUM
CVSS v2:
3.5 LOW
Description
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:* | n/a | 2.6.8 (including) | * |