3 matches found
CVE-2025-2302
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's awssearchterms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-2302
creationtimestamp| type| source ---|---|--- 2025-03-26 00:25:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8791 2025-03-26 01:05:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llalqxlw5y2k 2025-03-26 03:51:26+00:00| seen| https://t.me/cvedetector/21...
CVE-2025-2302 Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's awssearchterms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...