CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11485

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin/
http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin/

Products affected by CVE-2018-11485

Multidots » Woocommerce Quick Reports » Version: Any

cpe:2.3:a:multidots:woocommerce_quick_reports:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11485

Products

Pricing

Contact Us