4 matches found
CVE-2023-2452
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2023-2452 Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2023-2452
CVE-2023-2452 affects the WordPress plugin Advanced Woo Search (versions ≤ 2.77). It is a stored XSS in admin settings exploitable by authenticated admins (Administrator+), with impact on multi-site installs and where unfiltered_html is disabled. The issue is due to insufficient input sanitizatio...
WordPress Advanced Woo Search Plugin <= 2.77 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Woo Search Type Plugin Vulnerable versions = 2.77 Fixed in 2.78 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2bde54a18d9f Credits Ivan Kuzymchak Require...