CVE-2014-6313
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
14/10/2014
Last modified:
12/04/2025
Description
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:woothemes:woocommerce_plugin:*:*:*:*:*:wordpress:*:* | 2.2.2 (including) | |
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.0:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.1:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.2:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.3:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.4:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.5:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.6:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.7:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.8:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.9:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.10:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.11:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.1.12:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:woothemes:woocommerce_plugin:2.2.0:*:*:*:*:wordpress:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2014/Sep/59
- http://secunia.com/advisories/61377
- https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do
- https://wordpress.org/plugins/woocommerce/changelog
- http://seclists.org/fulldisclosure/2014/Sep/59
- http://secunia.com/advisories/61377
- https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do
- https://wordpress.org/plugins/woocommerce/changelog