Описание
WooCommerce Cross-Site Request Forgery (CSRF)
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Пакеты
Наименование
woocommerce/woocommerce
composer
Затронутые версииВерсия исправления
< 3.6.5
3.6.5
Связанные уязвимости
CVSS3: 8.8
nvd
больше 5 лет назад
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.