4 matches found
CVE-2022-0426
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0426
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0426
CVE-2022-0426 affects WordPress Product Feed PRO for WooCommerce plugin versions before 11.2.3. The vulnerability arises because the rowCount parameter is not escaped before being echoed in the woosea_categories_dropdown AJAX action, which is available to any authenticated user, enabling reflecte...
CVE-2022-0426 Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...