Posts by author: Dennis Brinkrolf

WooCommerce 3.6.4 - CSRF Bypass to Stored XSS

5 min read 8 Oct 2019 by Dennis Brinkrolf
WooCommerce is the most popular e-commerce plugin for WordPress, with over 5 million installations. A flaw in the way WooCommerce handles product imports results in a stored cross-site scripting (XSS) vulnerability that can be exploited through cross-site request forgery (CSRF).