PT-2018-10603 · Multidots · Advance Search For Woocommerce

Published: 2018-06-01 · Updated: 2018-07-02 · CVE-2018-11486

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MULTIDOTS Advance Search for WooCommerce plugin versions 1.0.9 and earlier

Description: The issue is a stored cross-site scripting (XSS) vulnerability. An unauthenticated user can save the plugin settings and inject malicious JavaScript code into the Custom CSS textarea field. The injected code is then loaded on every page of the site.

Recommendations: For MULTIDOTS Advance Search for WooCommerce plugin versions 1.0.9 and earlier, consider disabling the Custom CSS textarea field until a patch is available, to prevent injection of malicious JavaScript code.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-11486

Affected Products

Advance Search For Woocommerce