Woocommerce reviews xss issue [closed]

Go ahead and disable WooCommerce and comment on a post; you can do the same thing because you’re logged in as admin. Admin users are able to post unfiltered content. If you repeat the test logged out, you’ll notice you’re not able to exploit anything.

See this trac ticket from WordPress https://core.trac.wordpress.org/ticket/33402

And this article on make.wordpress https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html

For future reference, please report security issues responsibly rather than publicly – use https://hackerone.com/automattic

Related Posts:

  1. WooCommerce showing star rating review instead of text review string
  2. Woocommerce: custom loop in product tabs breaks reviews tab
  3. Add starts rating in woocommerce product comment from backend
  4. Woocommerce API security concerns
  5. WooCommerce Review Author Hook on Review Submission
  6. Add button linked to single product page on order detail page
  7. Testimonials/Reviews for Products
  8. Which php files, in a WordPress setup, do not need direct web access?
  9. WooCommerce Webhook Action When a New Product Review was Submitted/Created
  10. Woocommerce – Add a product to cart programmatically via JS or PHP [closed]
  11. ( Woocommerce) How to get the user belonging to an order? [closed]
  12. Get the product list of a given Category ID
  13. List of JS events in the WooCommerce frontend
  14. get woocommerce My account page link
  15. WooCommerce: How to edit the get_price_html
  16. Get woocommerce product price by id [closed]
  17. Product categories don’t appear as option to build menu
  18. WooCommerce Variable Product Price not showing on single product page
  19. How to override WooCommerce template files?
  20. Woocommerce add extra field to variation product
  21. Getting the gallery images from products in woocommerce?
  22. How to get current product category ID in product archive page
  23. Get url of product’s images (woocommerce)
  24. WooCommerce prices location in DB
  25. Order by rating not works in wp_query
  26. Woocommerce: How to remove page-title at the home/shop page but not category pages
  27. Woocommerce show cross sells on singe product page [closed]
  28. How to add a new endpoint in woocommerce
  29. Are there any hook or filter when refund is done through admin -woocommerce
  30. How to check if is in cart page? [closed]
  31. Display single product attribute value on Shop page (Woocommerce)
  32. WP/WooCommerce REST API cart/checkout/order [closed]
  33. how to use wc_create_order with subscription product
  34. WooCommerce: Webhook disabled on its own
  35. Share users and WooCommerce memberships between two installations
  36. Slow Loading Attribute Select – WooCommerce Backend
  37. WooCommerce: Can’t use wc_get_products for custom REST API endpoints
  38. How to change or add Woocommerce thank you page URL key content?
  39. How can I define a custom template for woocommerce [products] shortcode? [closed]
  40. How to remove an action within a class with extends
  41. single-product.php template not working for single products [closed]
  42. Insert variations via woocommerce api [closed]
  43. WooCommerce get physical store address
  44. Is it possible to add custom fields to a WooCommerce attribute term? [closed]
  45. wc_get_template_part( ‘content’, ‘product’ ) | Where is this file located?
  46. how to get woocommerce product attribute slug
  47. Correct function to get the user’s latest Woocommerce Subscription?
  48. Move payment options at checkout in WooCommerce [closed]
  49. add_filter to modify woocommerce_cart_item_name hyperlink
  50. Where do the cart details are stored in database?
  51. How to display product price of the product in loop
  52. How to disable Woocommerce password recovery and use the default WordPress password reset page?
  53. Display order items names in WooCommerce admin orders list [closed]
  54. Is it safe to delete from db orphaned posts i.e. whose post_parent no longer exists?
  55. Add custom variable to cart content [closed]
  56. Get product details by url key in WordPress woocommerce
  57. Get product link
  58. WooCommerce – Hook after Loading Variation in Admin Edit page?
  59. How to delete woo commerce order pragmatically? [closed]
  60. WooCommerce changes lost password reset link
  61. Process checkout using WC REST API
  62. How to get rid of the hover zoom in WooCommerce single products
  63. How do I display certain products via their category on a section of a page using PHP?
  64. How to turn off WooCommerce user registration and manually create accounts?
  65. What’s the difference between WC() and $woocommerce
  66. Display orders instead of woocommerce my account dashboard for logged in users [closed]
  67. Limit users to one active subscription in WooCommerce Subscriptions? [closed]
  68. Detect whether a page is a product subcategory page?
  69. Hidden woocommerce products still showing up in search results [closed]
  70. Menu not show woocommerce product category
  71. Orders being sent to wrong admin email in WooCommerce [closed]
  72. WooCommerce: add different order item meta for each item in order
  73. Remember page before login page, redirect to that page after login
  74. Woocommerce 3.1 Add product image to order confirmation email not working
  75. Where is the “default attribute” values located in the phpMyAdmin in Woocommerce?
  76. Woocommerce My Account Endpoint – how to get ID parameter from URL?
  77. Hook and send Woocommerce data after click Place Order button
  78. Woo-commerce | Disable proceed to checkout button in cart page if total in cart less than 15 [closed]
  79. Fatal Error when installing woocommerce despite upgrading
  80. Adding an action within a function that is being called by add_filter
  81. WooCommerce conditional meta query
  82. Default woocommerce placeholder image
  83. How to build a plugin that supports authenticated POST requests to the REST API from external servers?
  84. Hide certain tags on Product Edit tag cloud
  85. WooCommerce: Add New Report Tab
  86. WooCommerce Change Product Global Attribute Value via CRUD for Simple Product [closed]
  87. How to get values from woocommerce admin input fields?
  88. Show only geolocated user country into Woocommerce checkout country fields
  89. Search results don’t show products
  90. Optimizing Woocommerce order items query
  91. What is the right hook to use in WooCommerce for handling the post of the sale price?
  92. Add a custom button with custom link after add to cart for every product
  93. How to add Woocomrce cart page shipping calculator to my country state list
  94. When Free shipping is available hide other shipping methods except Local pickup in WooCommerce [closed]
  95. Programmatically change Payment Methods WooCommerce
  96. Get WooCommerce Email Classes in Backend
  97. Use Hooks to Limit One Comment Per User Per Post – Hide Form if Already Commented
  98. Display WooCommerce size product attribute on shop page
  99. Woocommerce Multisite Search Mod to archive.php but no pagination
  100. Extend Woocommerce rest api routes fails
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)