CVE-2022-2537 WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

2022-08-2917:15:36

CWE-79

WPScan

www.cve.org

woocommerce

pdf invoices

packing slips

wordpress

plugin

cross-site scripting

cve-2022-2537

EPSS

0.001

Percentile

40.2%

JSON

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

CNA Affected

[
  {
    "product": "WooCommerce PDF Invoices & Packing Slips",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.14.0*",
        "status": "affected",
        "version": "2.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "3.0.1",
        "status": "affected",
        "version": "3.0.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f

EPSS

0.001

Percentile

40.2%

JSON

Related for CVELIST:CVE-2022-2537