CVE-2023-47777
WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.
We have discovered 784,050 live websites that are affected by CVE-2023-47777.
Affected Software
| Product |  WooCommerce |
| Category | Ecommerce |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 582 |
| Vulnerable Domains | 784,050 live websites (60.67% of WooCommerce install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Details
- Published - Nov 30, 2023
- Updated - Nov 30, 2023
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
Countries
 United States | 187,629 websites |
 Germany | 44,372 websites |
 France | 43,101 websites |
 GB | 39,379 websites |
 Italy | 39,180 websites |
 Russia | 29,118 websites |
 Spain | 28,289 websites |
 Netherlands | 24,641 websites |
 Vietnam | 22,547 websites |
 Australia | 19,372 websites |
TLDs
| .com | 351,975 websites |
| .it | 25,143 websites |
| .ru | 22,707 websites |
| .co.uk | 22,644 websites |
| .de | 21,906 websites |
| .org | 20,764 websites |
| .nl | 19,076 websites |
| .fr | 15,820 websites |
| .com.au | 14,780 websites |
| .net | 14,694 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redReferences
- https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-1-1-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/woo-gutenberg-products-block/wordpress-woocommerce-blocks-plugin-11-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
Websites affected by CVE-2023-47777
Top websites that are affected by CVE-2023-47777. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.at |  Austria | *,*** | |
| ***.***.com | United States | *,*** | |
| ************.com | United States | *,*** | |
| ***.***********.com | Italy | *,*** | |
| ***********.com | Germany | *,*** | |
| ***********.com | United States | *,*** | |
| *****************.com | United States | *,*** | |
| ***.*************.com | United States | *,*** | |
| ***.*************.com | United States | *,*** | |
| **********.com | United States | *,*** |