cvedb.io
CVE-2018-11486
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2018-06-01T15:29:00.407 · Last modified 2026-06-17T01:36:01.927

Summary

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.

Affected products

multidots — advance_search_for_woocommerce

Does this affect you?

Add your gear to cvedb and we'll alert you only when multidots ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.