wpvulndb | Jeremie Amsellem | WPVDB-ID:BC167B3A-24EE-4988-9934-189B6216CE40
History: Dec 01, 2021 - 12:00 a.m.

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

2021-12-01 00:00:00
Jeremie Amsellem
wpscan.com

EPSS: 0.001 (Low), percentile 40.3%

The plugin does not sanitise and escape the wcj_delete_role parameter before outputting it back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue.

PoC

The "General" module needs to be enabled in "Woocommerce -> Booster Settings -> Booster".

https://example.com/wp-admin/admin.php?page=wcj-tools&tab=custom_roles&wcj_delete_role=
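
A detection sketch for the request shape in the PoC above, added here as an example and not part of the original advisory: it scans web-server access log lines for requests to the wcj-tools admin page whose wcj_delete_role value contains anything other than a plain role slug. The log lines are constructed, and the allowed character set for role slugs is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate role slugs use only these characters.
ROLE_SLUG = re.compile(r"[A-Za-z0-9_-]*")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_role_values(line):
    """Return wcj_delete_role values in this log line that are not plain slugs."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qs percent-decodes values; keep_blank_values keeps empty ones.
    params = parse_qs(url.query, keep_blank_values=True)
    if "wcj-tools" not in params.get("page", []):
        return []
    return [v for v in params.get("wcj_delete_role", [])
            if not ROLE_SLUG.fullmatch(v)]

def scan(lines):
    """Yield (line_number, values) for every flagged log line."""
    for n, line in enumerate(lines, 1):
        hits = suspicious_role_values(line)
        if hits:
            yield n, hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2021:10:00:00 +0000] "GET /wp-admin/admin.php?page=wcj-tools&tab=custom_roles&wcj_delete_role=shop_helper HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Dec/2021:10:01:00 +0000] "GET /wp-admin/admin.php?page=wcj-tools&tab=custom_roles&wcj_delete_role=%3Cem%3Ex%3C%2Fem%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/Dec/2021:10:02:00 +0000] "GET /wp-admin/admin.php?page=wc-settings&wcj_delete_role=%3Cem%3E HTTP/1.1" 200 4012',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG):
        print(f"line {n}: non-slug wcj_delete_role value(s): {values}")
```

A hit on an unpatched install (plugin version below 5.4.9) is worth correlating with the admin session that issued the request.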

CPE | Name | Operator | Version
 | woocommerce-jetpack | lt | 5.4.9
