3 matches found
CVE-2022-0397
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0397 WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0397
The CVE-2022-0397 entry concerns the WordPress plugin WPC Smart Wishlist for WooCommerce (versions prior to 2.9.4). The issue is a lack of sanitisation/escaping of the key parameter in the wishlist_quickview AJAX response, which can lead to a Reflected Cross‑Site Scripting vulnerability accessibl...