6 matches found

RedhatCVE
added 2025/05/22 11:26 p.m. | 5 views

CVE-2022-0399

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 6.7 AI score | 0.00863 EPSS
Exploits: 2 | References: 1
Patchstack
added 2023/03/16 12:0 a.m. | 8 views

WordPress Advanced Product Labels for WooCommerce Plugin <= 1.2.4 is vulnerable to Broken Access Control

Software: Advanced Product Labels for WooCommerce; Type: Plugin; Vulnerable versions = 1.2.4; Fixed in: 1.2.4.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 306429b28772; Credits...

6.9 AI score | 0.00227 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/03/14 3:15 p.m. | 2 views

CVE-2022-0399

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 5.8 AI score | 0.00863 EPSS
Exploits: 2 | References: 2
ATTACKERKB
added 2022/03/14 3:15 p.m. | 5 views

CVE-2022-0399

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 6.3 AI score | 0.00863 EPSS
Exploits: 2 | References: 3
CVE
added 2022/03/14 2:41 p.m. | 84 views

CVE-2022-0399

The CVE-2022-0399 entry concerns the WordPress plugin Advanced Product Labels for WooCommerce (versions before 1.2.3.7). The issue is a Reflected Cross‑Site Scripting (XSS) caused by insufficient sanitization/escaping of the tax_color_set_type parameter in the berocket_apl_color_listener AJAX res...

6.1 CVSS | 6.1 AI score | 0.00863 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
CNNVD
added 2022/03/14 12:0 a.m. | 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Advanced Product Labels for WooCommerce plugin version 1.2.3.7 has a cross-site scripting vulnerability. The vulnerability stem...

6.1 CVSS | 4.7 AI score | 0.00863 EPSS
Exploits: 2 | References: 3