CVE-2022-2099

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

We have discovered 474,939 live websites that are affected by CVE-2022-2099.

Affected Software


Product	WooCommerce
Category	Ecommerce
Vulnerable Versions	from 0 before 6.6
Total Vulnerable Versions	582
Vulnerable Domains	474,939 live websites (36.75% of WooCommerce install base)

Common Weakness Enumeration

CWE-116 Improper Encoding or Escaping of Output

Available Reports

Website List

Details

Published - Jul 17, 2022
Updated - Jul 4, 2023

Credits

Taurus Omar (finder)
WPScan (coordinator)

CWE

CWE-116

CVE References

CWE References

cwe.mitre.org

Countries

United States	113,367 websites

Italy	25,647 websites
Germany	25,525 websites
France	25,384 websites
GB	22,313 websites
Russia	22,221 websites
Spain	17,003 websites
Vietnam	15,198 websites
Netherlands	13,275 websites
Poland	11,652 websites

TLDs

.com	213,642 websites
.ru	17,369 websites
.it	16,440 websites
.co.uk	12,975 websites
.org	12,112 websites
.de	12,107 websites
.nl	10,119 websites
.fr	9,270 websites
.net	9,043 websites
.com.br	8,772 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b

Websites affected by CVE-2022-2099

Top websites that are affected by CVE-2022-2099. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*.*.com	United States	,**
*.*********.com	Italy	,**
***********.com	United States	,**
*****************.com	United States	,**
*.***********.com	United States	,**
***.com	United States	,**
*********.com	United States	,**
*******.com	United States	,**
*.********.com	United States	,**
*********.com	Netherlands	,*

See full domain list