First published: Sun Jul 17 2022
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to a lack of escaping and sanitizing in the payment gateway titles.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Woocommerce Woocommerce | <6.6.0 | |
CVE-2022-2099 is a vulnerability in the WooCommerce WordPress plugin before version 6.6.0 that allows stored HTML injection in payment gateway titles.
CVE-2022-2099 has a severity level of medium with a CVSS score of 4.8.
CVE-2022-2099 allows attackers to inject malicious HTML code into payment gateway titles, potentially leading to cross-site scripting (XSS) attacks.
The vulnerability can be fixed by updating the WooCommerce WordPress plugin to version 6.6.0 or newer.
More information about CVE-2022-2099 can be found at the following reference: [CVE-2022-2099](https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b).