Search criteria
6 vulnerabilities found for WooCommerce PDF Invoices & Packing Slips by Unknown
CVE-2022-2537 (GCVE-0-2022-2537)
Vulnerability from cvelistv5 – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:39
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.14.0 , < 2.14.0*
(custom)
Affected: 3.0.1 , < 3.0.1 (custom) |
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.14.0*",
"status": "affected",
"version": "2.14.0",
"versionType": "custom"
},
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:36",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 3.0.1 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2537",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 3.0.1 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.14.0",
"version_value": "2.14.0"
},
{
"version_affected": "\u003c",
"version_name": "3.0.1",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2537",
"datePublished": "2022-08-29T17:15:36",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2092 (GCVE-0-2022-2092)
Vulnerability from cvelistv5 – Published: 2022-07-11 12:57 – Updated: 2024-08-03 00:24
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.16.0 , < 2.16.0
(custom)
|
Credits
ZhongFu Su(JrXnm) of WuHan University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "2.16.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.16.0 doesn\u0027t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:57:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.16.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2092",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.16.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.16.0",
"version_value": "2.16.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.16.0 doesn\u0027t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2092",
"datePublished": "2022-07-11T12:57:25",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24991 (GCVE-0-2021-24991)
Vulnerability from cvelistv5 – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.10.5 , < 2.10.5
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.10.5",
"status": "affected",
"version": "2.10.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:10",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.10.5 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24991",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.10.5 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.10.5",
"version_value": "2.10.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24991",
"datePublished": "2022-01-03T12:49:10",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2537 (GCVE-0-2022-2537)
Vulnerability from nvd – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:39
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.14.0 , < 2.14.0*
(custom)
Affected: 3.0.1 , < 3.0.1 (custom) |
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.14.0*",
"status": "affected",
"version": "2.14.0",
"versionType": "custom"
},
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:36",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 3.0.1 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2537",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 3.0.1 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.14.0",
"version_value": "2.14.0"
},
{
"version_affected": "\u003c",
"version_name": "3.0.1",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2537",
"datePublished": "2022-08-29T17:15:36",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T00:39:08.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2092 (GCVE-0-2022-2092)
Vulnerability from nvd – Published: 2022-07-11 12:57 – Updated: 2024-08-03 00:24
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.16.0 , < 2.16.0
(custom)
|
Credits
ZhongFu Su(JrXnm) of WuHan University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "2.16.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.16.0 doesn\u0027t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:57:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.16.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2092",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.16.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.16.0",
"version_value": "2.16.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.16.0 doesn\u0027t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2092",
"datePublished": "2022-07-11T12:57:25",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24991 (GCVE-0-2021-24991)
Vulnerability from nvd – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI?
Title
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
Summary
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WooCommerce PDF Invoices & Packing Slips |
Affected:
2.10.5 , < 2.10.5
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WooCommerce PDF Invoices \u0026 Packing Slips",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.10.5",
"status": "affected",
"version": "2.10.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:10",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.10.5 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24991",
"STATE": "PUBLIC",
"TITLE": "WooCommerce PDF Invoices \u0026 Packing Slips \u003c 2.10.5 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WooCommerce PDF Invoices \u0026 Packing Slips",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.10.5",
"version_value": "2.10.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WooCommerce PDF Invoices \u0026 Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24991",
"datePublished": "2022-01-03T12:49:10",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}