Multidots: >> Woocommerce Quick Reports Security Vulnerabilities
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-01