Unrated severityNVD Advisory· Published Jun 1, 2018· Updated Aug 5, 2024

CVE-2018-11485

Description

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.

Affected products

WordPress/Woocommerce Quick Reportsinferred2 versions
<=1.0.6+ 1 more
- (no CPE)range: <=1.0.6
- (no CPE)range: <=1.0.6
Package: https://wordpress.org/plugins/woocommerce-quick-reports

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000