CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.

View Full Alert

Related Posts

  • CVE-2019-19935

    Froala Editor before 3.0.6 allows XSS. View Full Alert

  • CVE-2019-13285

    CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. View Full Alert

  • CVE-2019-16245

    OMERO before 5.6.1 makes the details of each user available to all users. View Full Alert