Vulnerabilities > Woocommerce > Subscriptions > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-23 CVE-2019-18834 Cross-site Scripting vulnerability in Woocommerce Subscriptions
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
network
low complexity
woocommerce CWE-79
6.1