Lucene search
Erwan LR (WPScan)WPEX-ID:2CBABDE8-1E3E-4205-8A5C-B889447236A0HistoryMar 11, 2024 - 12:00 a.m.
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
2024-03-1100:00:00
Erwan LR (WPScan)
23
woocommerce
product filter
admin
stored
xss
exploit
security
Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
As and admin, create a filter with the following payload as name: "><svg/onload=alert(/XSS/)>
The XSS will be triggered in the Product Filters table (ie /wp-admin/admin.php?page=wpf_search)Related
cvelist
cvelist
CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
2024-04-01 05:00:02
cve
cve
CVE-2024-2278
2024-04-01 05:15:08
wpvulndb
wpvulndb
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
2024-03-11 00:00:00
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
8.7%
Related for WPEX-ID:2CBABDE8-1E3E-4205-8A5C-B889447236A0