Lucene search
WordfenceCVELIST:CVE-2021-39314HistoryDec 14, 2021 - 3:50 p.m.
CVE-2021-39314 WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting
2021-12-1415:50:12
CWE-79
Wordfence
www.cve.org
3
woocommerce
enviopack
vulnerability
cross-site scripting
wordpress plugin
dataid parameter
functions.php
arbitrary web scripts
version 1.2
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.0%
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CNA Affected
[
{
"product": "WooCommerce EnvioPack",
"vendor": "WooCommerce EnvioPack",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "1.2",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
cve
cve
CVE-2021-39314
2021-12-14 16:15:08
prion
prion
Cross site scripting
2021-12-14 16:15:00
wpvulndb
wpvulndb
WooCommerce EnvioPack <= 1.2 - Reflected Cross-Site Scripting
2021-12-14 00:00:00
cnvd
cnvd
WordPress WooCommerce EnvioPack plugin cross-site scripting vulnerability
2021-12-19 00:00:00
nvd
nvd
CVE-2021-39314
2021-12-14 16:15:08
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.0%
Related for CVELIST:CVE-2021-39314