cleantalk
Vulnerabilities and Security Researches

WooCommerce Shipping & Tax, d6228e99d68810fc638ec1e0c7ddcc9b649a8527

CVE, Research URL

d6228e99d68810fc638ec1e0c7ddcc9b649a8527

Home page URL

Security reports for WooCommerce Shipping & Tax

Application

WooCommerce Shipping & Tax

Published on
May 24, 2023
Research Description
WooCommerce Shipping &amp; Tax [woocommerce-services] < 2.2.5 WordPress WooCommerce Shipping & Tax Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) Update the WordPress WooCommerce Shipping & Tax plugin to the latest available version (at least 2.2.5). Unknown discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WooCommerce Shipping & Tax Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.5.
Affected versions
Min -, max 2.2.5.
Status
vulnerable
Previous vulnerability researches
WooCommerce Shipping &amp; Tax (d6228e99d68810fc638ec1e0c7ddcc9b649a8527) , Jun 07, 2024
WooCommerce Shipping &amp; Tax , Apr 21, 2025
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025