Vulnerabilities (CVE)

Filtered by vendor Multidots Subscribe
Filtered by product Advance Search For Woocommerce
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11486 1 Multidots 1 Advance Search For Woocommerce 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.