High severity8.8NVD Advisory· Published Jun 19, 2020· Updated Jun 17, 2026
CVE-2019-20891
CVE-2019-20891
Description
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
woocommerce/woocommercePackagist | < 3.6.5 | 3.6.5 |
Affected products
2- WooCommerce/WooCommercedescription
Patches
Vulnerability mechanics
References
6- blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss/nvdThird Party Advisory
- github.com/advisories/GHSA-rcmf-88p4-9wrgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-20891ghsaADVISORY
- raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txtnvdRelease NotesThird Party AdvisoryWEB
- blog.ripstech.com/2019/woocommerce-csrf-to-stored-xssghsaWEB
- github.com/woocommerce/woocommerce/commit/fd7feb778eb45a2eb92b45eb2b4ee96ea3ac6fe7ghsaWEB
News mentions
0No linked articles in our index yet.