VYPR

WOOCS

by WordPress

CVEs (4)

  • CVE-2022-0234MedFeb 21, 2022
    risk 0.40cvss 6.1epss 0.02

    The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a…

  • CVE-2021-25043MedJan 10, 2022
    risk 0.40cvss 6.1epss 0.01

    The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

  • CVE-2021-24938MedDec 6, 2021
    risk 0.40cvss 6.1epss 0.01

    The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue

  • CVE-2022-4431MedJan 16, 2023
    risk 0.35cvss 5.4epss 0.01

    The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against…