PT-2018-10603 · Multidots · Advance Search For Woocommerce

Published: 2018-06-01 · Updated: 2018-07-02 · CVE-2018-11486

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MULTIDOTS Advance Search for WooCommerce plugin versions 1.0.9 and earlier

Description: The issue is a stored cross-site scripting (XSS) vulnerability. An unauthenticated user can save the plugin settings and inject malicious JavaScript code into the Custom CSS textarea field, which is then loaded on every page of the site.

Recommendations: For MULTIDOTS Advance Search for WooCommerce plugin versions 1.0.9 and earlier, consider disabling the Custom CSS textarea field until a patch is available, to prevent injection of malicious JavaScript code.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-11486

Affected Products

Advance Search For Woocommerce