漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS
Vulnerability Description
The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress plugin 跨站脚本漏洞
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Product Feed PRO for WooCommerce插件 1.0.7之前版本存在跨站脚本漏洞,该漏洞源于一些AJAX操作中没有授权和CSRF检查,允许任何经过身份验证的用户调用。
CVSS Information
N/A
Vulnerability Type
N/A