CVE-2023-31094 WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

2023-08-1812:50:58

CWE-79

Patchstack

www.cve.org

wordpress

woocommerce

plugin

vulnerable

cross site scripting

xss

lauri karisola

wp trio

cve-2023-31094

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "stock-sync-for-woocommerce",
    "product": "Stock Sync for WooCommerce",
    "vendor": "Lauri Karisola / WP Trio",
    "versions": [
      {
        "changes": [
          {
            "at": "2.4.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.4.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve