CVE-2018-20966

Published: 12/08/2019 Updated: 15/08/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The woocommerce-jetpack plugin prior to 3.8.0 for WordPress has XSS in the Products Per Page feature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
booster booster for woocommerce

This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.

Damn Vulnerable WooCommerce Plugins This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities @vinulium and me created it to practice writing exploits from vulnerability descriptions The environment contains the following vulnerabilites that can be exploited: PHP Object Injection Vulnerability in Booster for WooCommerce <= 301 LFI in

CVE-2018-20966: XSS in woocommerce-jetpack < 3.8.0

CVE-2018-20966: XSS in woocommerce-jetpack < 380 Testbed for the above mentioned vulnerability

CWE-79 https://wordpress.org/plugins/woocommerce-jetpack/#developers https://nvd.nist.gov https://github.com/parzel/Damn-Vulnerable-WooCommerce-Plugins

CVE-2018-20966

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect