Vulnerability Details CVE-2019-14796
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers
- https://wpvulndb.com/vulnerabilities/9515
- https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/
- https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers
- https://wpvulndb.com/vulnerabilities/9515
- https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/
Products affected by CVE-2019-14796
-
Mq-Woocommerce-Products-Price-Bulk-Edit Project » Mq-Woocommerce-Products-Price-Bulk-Edit » Version: 2.0cpe:2.3:a:mq-woocommerce-products-price-bulk-edit_project:mq-woocommerce-products-price-bulk-edit:2.0