Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.11 views

CVE-2022-0426

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS6.5AI score0.00742EPSS
Exploits2References1
NVD
NVD
added 2022/03/07 9:15 a.m.19 views

CVE-2022-0426

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS0.00742EPSS
Exploits2References2
CVE
CVE
added 2022/03/07 8:16 a.m.94 views

CVE-2022-0426

CVE-2022-0426 affects WordPress Product Feed PRO for WooCommerce plugin versions before 11.2.3. The vulnerability arises because the rowCount parameter is not escaped before being echoed in the woosea_categories_dropdown AJAX action, which is available to any authenticated user, enabling reflecte...

5.4CVSS5.3AI score0.00742EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.19 views

CVE-2022-0426 Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.6AI score0.00742EPSS
Exploits2References2
Rows per page
Query Builder