CVE-2022-0149
published 2022-02-07CVE-2022-0149: The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
PriorityP337medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.34%
81.5th percentile
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| visser | store_exporter_for_woocommerce | < 2.7.1 | 2.7.1 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3r84-frqg-8226: The WooCommerce WordPress plugin before 2
ghsa_unreviewed·2022-02-08
CVE-2022-0149 [MEDIUM] CWE-79 GHSA-3r84-frqg-8226: The WooCommerce WordPress plugin before 2
The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
CISA
Microsoft Internet Explorer Memory Corruption Vulnerability
cisa·2022-05-24·CVSS 8.8
CVE-2017-0149 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0149
Remediation Due Date: 2022-06-14
No detection rules found.
Nuclei
WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-0149 [MEDIUM] WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
WooCommerce Stored Exporter WordPress Plugin alert(document.domain)"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100d390ab5475c6c4f2a9a1c94b96f37a625ef96bda46dae7f55c09a20b9a1e4a270220341208261e376b1bfc26b4cf3792dea768b630b57d18ce647544002685c9db7f:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
2022-02-07
Published