CVE-2018-20966Cross-site Scripting in FOR Woocommerce

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
7.0%
top 8.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Booster FOR Woocommerce
Timeline
PublishedAug 12
Latest updateMay 24

Description

The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDbooster/booster< 3.8.0

🔴Vulnerability Details

2
GHSA
GHSA-2mmc-mjmc-q3q3: The woocommerce-jetpack plugin before 32022-05-24
CVEList
CVE-2018-20966: The woocommerce-jetpack plugin before 32019-08-12
CVE-2018-20966 — Cross-site Scripting | cvebase