CVE-2016-10112

WooCommerce

on wordpress-plugin

Published

January 4, 2017

Severity

CVSS v3:

4.8 MEDIUM

CVSS v2:

3.5 LOW

Description

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.

References

https://wordpress.org/plugins/woocommerce/changelog/
http://www.securityfocus.com/bid/95292

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:woocommerce:woocommerce::::::wordpress::*	n/a	2.6.8 (including)	*

External Links

NVD - CVE-2016-10112