Lucene search

Utkarsh AgrawalPATCHSTACK:9A6EB10E7109830566A2E64A31B238E8

HistoryApr 25, 2022 - 12:00 a.m.

WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability

2022-04-2500:00:00

Utkarsh Agrawal

patchstack.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WPC Smart Wishlist for WooCommerce plugin (versions <= 2.9.8).

Solution

           Update the WordPress WPC Smart Wishlist for WooCommerce plugin to the latest available version (at least 2.9.9).

CPENameOperatorVersion
wpc smart wishlist for woocommercele2.9.8

CPE	Name	Operator	Version
	wpc smart wishlist for woocommerce	le	2.9.8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1465

wordpress.org/plugins/woo-smart-wishlist/#developers

wpscan.com/vulnerability/6781033a-f166-4198-874f-3e142854daf7

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for PATCHSTACK:9A6EB10E7109830566A2E64A31B238E8