wpvulndb | Jeremie Amsellem | WPVDB-ID:76F0257D-AAE7-4054-9B3D-BA10B4005CF1
Dec 01, 2021 - 12:00 a.m.

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

wpscan.com
Tags: woocommerce, booster, cross-site scripting, product xml feeds, reflected, security issue

EPSS: 0.001 (percentile: 43.7%)

The plugin does not sanitise and escape the wcj_create_products_xml_result parameter before outputting it back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue.

PoC

The “Product XML Feeds” module needs to be enabled in “Woocommerce -> Booster Settings”.

https://example.com/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=products&section=products_xml&wcj_create_products_xml_result=1
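
For defenders reviewing web server logs, the following is an added example (not part of the original advisory or the plugin's code) that flags requests to wp-admin/admin.php where wcj_create_products_xml_result carries anything other than a plain number. It assumes legitimate values are numeric, as in the URL above; the function name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "wcj_create_products_xml_result"  # parameter named in the advisory

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2021:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=wc-settings&tab=jetpack&wcj-cat=products&section=products_xml'
    '&wcj_create_products_xml_result=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Dec/2021:10:02:11 +0000] "GET /wp-admin/admin.php'
    '?page=wc-settings&tab=jetpack&wcj-cat=products&section=products_xml'
    '&wcj_create_products_xml_result=%3Cem%3Ex%3C%2Fem%3E HTTP/1.1" 200 5200',
    '203.0.113.5 - - [01/Dec/2021:10:03:40 +0000] "GET /wp-admin/admin.php'
    '?page=wc-settings HTTP/1.1" 200 4800',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: the plugin only ever sets a small integer in this parameter.
EXPECTED_VALUE_RE = re.compile(r"\d{1,10}")


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each non-numeric use of PARAM."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes values, so encoded markup is compared decoded.
        query = parse_qs(url.query, keep_blank_values=True)
        for value in query.get(PARAM, []):
            if not EXPECTED_VALUE_RE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent unexpected {PARAM} value: {value!r}")
```

A hit only shows that a crafted link was requested; sites running a version below 5.4.9 with the module enabled remain exposed until the plugin is updated.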
