Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
References
Link | Resource |
---|---|
https://woocommerce.com/products/woocommerce-subscriptions/ | Product Vendor Advisory |
https://www.precursorsecurity.com/blog | Third Party Advisory |
https://www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-23T19:42:47
Updated: 2020-07-23T19:42:47
Reserved: 2019-11-07T00:00:00
Link: CVE-2019-18834
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-23T20:15:11.507
Modified: 2020-07-26T23:44:13.197
Link: CVE-2019-18834
JSON object: View
Redhat Information
No data.
CWE