CVE-2016-10112
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
We have discovered 22,458 live websites that are affected by CVE-2016-10112.
Affected Software
| Product |  WooCommerce |
| Category | Ecommerce |
| Vulnerable Domains | 22,458 live websites (1.50% of WooCommerce install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 136 versions ( 28.22% of all versions) |
Details
- Published - Jan 4, 2017
- Updated - Aug 6, 2024
CVE References
CVE-2016-10112 usage by Country
 United States | 6,611 websites |
 Germany | 1,789 websites |
 Russia | 1,354 websites |
 France | 1,319 websites |
 GB | 949 websites |
 Italy | 752 websites |
 Vietnam | 687 websites |
 Spain | 642 websites |
 Australia | 621 websites |
 Netherlands | 573 websites |
CVE-2016-10112 usage by TLD
| .com | 10,005 websites |
| .ru | 1,113 websites |
| .co.uk | 700 websites |
| .de | 646 websites |
| .org | 585 websites |
| .it | 580 websites |
| .com.au | 531 websites |
| .net | 475 websites |
| .nl | 436 websites |
| .com.br | 419 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2016-10112
Top websites that are affected by CVE-2016-10112. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.com |  Singapore | **,*** | |
| *********.com | United States | **,*** | |
| ***********.com | GB | **,*** | |
| ****.*************.com | United States | **,*** | |
| *******.****.es | Spain | **,*** | |
| ******.com | United States | ***,*** | |
| *************.com | Germany | ***,*** | |
| ********.com | United States | ***,*** | |
| *******************.com | United States | ***,*** | |
| *************.com | United States | ***,*** |
FAQ
A total of 22,458 websites have been identified as vulnerable to CVE-2016-10112, discovered through global website indexing conducted by WebTechSurvey.
WooCommerce is susceptible to CVE-2016-10112 vulnerability.
WooCommerce versions before 2.6.9 are vulnerable to CVE-2016-10112.
Version 2.6.9 of WooCommerce addresses the CVE-2016-10112 security vulnerability.