logo
DATABASE RESOURCES PRICING ABOUT US

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

Description

The plugin does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue ### PoC The "General" module needs to be enabled in "Woocommerce -> Booster Settings -> Booster". https://example.com/wp-admin/admin.php?page=wcj-tools&tab;=custom_roles&wcj;_delete_role=


Affected Software


CPE Name Name Version
woocommerce-jetpack 5.4.9

Related