The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and previous versions for WordPress is vulnerable to Stored XSS. It allows an malicious user to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
multidots woocommerce quick reports |