WooCommerce 2.0.20-2.3.10 - Object Injection / XXESign up to our free email alerts service for instant vulnerability notifications!
According to the researcher: The vulnerability is only present when WooCommerce’s “PayPal Identity Token” option is set.
fixed in version 2.3.11
|OWASP Top 10||A1: Injection|
|Publicly Published||2015-06-10 (almost 3 years ago)|
|Added||2015-06-10 (almost 3 years ago)|
|Last Updated||2015-06-17 (over 2 years ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|