CVE-2019-20891
EUVD-2022-515119.06.2020, 21:15
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| woocommerce | woocommerce | 𝑥 < 3.6.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration