ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce Product Attachment plugin <= 1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
WooCommerce Product Attachment
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Product Attachment plugin (versions <= 1.1.2).
Solution
3 June 2018 - plugin still closed by WordPress Security team, no patched version available.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
Vulnerability description
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.2
Disclosure date
2018-06-03
Credits
ThreatPress
Submitter
ThreatPress