CVE-2022-2099

Severity
4.8 MEDIUM
EPSS
0.6%
top 31.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: Jul 18

Description

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to a lack of escaping and sanitizing in the payment gateway titles.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages: 3 packages

CVEListV5: unknown/woocommerce < 6.6.0
Packagist: woocommerce/woocommerce < 6.6.0

Vulnerability Details (3)
GHSA: WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection (2022-07-18)
OSV: WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection (2022-07-18)
CVEList: WooCommerce < 6.6.0 - Admin+ Stored HTML Injection (2022-07-17)