CVE-2022-2537 | WooCommerce PDF Invoices & Packing Slips Plugin up to 3.0.0 on WordPress Admin Page cross site scripting
A vulnerability was found in WooCommerce PDF Invoices & Packing Slips Plugin up to 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Admin Page. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-2537. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component....
Similar posts for 'CVE-2022-2537 | WooCommerce PDF Invoices & Packing Slips Plugin up to 3.0.0 on WordPress Admin Page cross site scripting'
XSS in the class meta-box
The customer note in the meta-box is not adequately escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2
XSS in meta box order data
Some variables are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
XSS in WC-Cart
The WC-cart is not properly sanitized to prevent object injection.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Path traversal in admin importers
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks.
This vulnerability affects the following application versions:
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
SQL injection in the taxes API
The API taxes are not properly escaped to prevent an SQL injection.
This vulnerability affects the following application versions:
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
XSS in metabox customer note field
Some variables in the customer note field are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3
Incorrect permissions at the REST API endpoint
The REST API endpoint is not checked properly for permissions.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7
Incorrect session handling
The session is not properly checked if it is expired or belongs to a logged-out user.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3
Escaping added to templates and classes and usage of absolute paths to prevent XSS
Several elements and paths weren't properly sanitized against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Permission check for reviews in v1 & v2 REST API
Missing boolean checks before the permission check can lead to users having wrong permissions.
This vulnerability affects the following application versions:
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5
XSS in various modules
Some addons of WooCommerce are not properly escaped to prevent XSS attacks.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0