Lucene search
Jeremie AmsellemWPVDB-ID:8527F4FE-312F-45C1-AE4C-7E799702FC26HistoryDec 01, 2021 - 12:00 a.m.
Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module
2021-12-0100:00:00
Jeremie Amsellem
wpscan.com
6
0.001 Low
EPSS
Percentile
40.3%
The plugin does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting
PoC
With the PDF Invoicing module active: https://example.com/wp-admin/edit.php?post_type=shop_order&paged;=1&generated;=1&generated;_type=invoice&generated;_invoice=1&post;_status=all&wcj;_notice=
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce-jetpack | lt | 5.4.9 |
Related
wpexploit
wpexploit
cnvd
cnvd
patchstack
patchstack
nvd
nvd
CVE-2021-24999
2022-01-03 13:15:08
prion
prion
Cross site scripting
2022-01-03 13:15:00
cve
cve
CVE-2021-24999
2022-01-03 13:15:08
cvelist
cvelist