MidnightBSD

Advisories for woothemes

CVE-2014-6313 MEDIUM

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
woothemes woocommerce_plugin 2.1.10
woothemes woocommerce_plugin 2.1.11
woothemes woocommerce_plugin 2.1.0
woothemes woocommerce_plugin 2.1.3
woothemes woocommerce_plugin 2.1.5
woothemes woocommerce_plugin 2.1.8
woothemes woocommerce_plugin 2.1.6
woothemes woocommerce_plugin 2.1.4
woothemes woocommerce_plugin 2.1.9
woothemes woocommerce_plugin 2.2.0
woothemes woocommerce_plugin *
woothemes woocommerce_plugin 2.1.2
woothemes woocommerce_plugin 2.1.7
woothemes woocommerce_plugin 2.1.1
woothemes woocommerce_plugin 2.2.1
woothemes woocommerce_plugin 2.1.12
CVE-2015-2069 MEDIUM

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
woothemes woocommerce *