Lucene search
Lana CodesWPVDB-ID:C7D12FD4-7346-4727-9F6C-7E7E5524A932HistoryDec 20, 2022 - 12:00 a.m.
WOOCS < 1.3.9.3 - Contributor+ Stored XSS
2022-12-2000:00:00
Lana Codes
wpscan.com
11
woocs
plugin
contributor stored xss
shortcode attributes
stored cross-site scripting
high privilege users
admins
poc
software
EPSS
0.001
Percentile
22.4%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
[woocs_show_custom_price value=‘1" onmouseover=“alert(/XSS/)”’]
Related
wpvulndb
wpvulndb
WOOCS < 1.3.9.4 - Contributor+ Stored XSS
2022-12-20 00:00:00
wpexploit
wpexploit
WOOCS < 1.3.9.4 - Contributor+ Stored XSS
2022-12-20 00:00:00
WOOCS < 1.3.9.3 - Contributor+ Stored XSS
2022-12-20 00:00:00
nvd
nvd
CVE-2022-4431
2023-01-16 16:15:11
prion
prion
Cross site scripting
2023-01-16 16:15:00
cve
cve
CVE-2022-4431
2023-01-16 16:15:11
cvelist
cvelist
CVE-2022-4431 WOOCS < 1.3.9.4 - Contributor+ Stored XSS
2023-01-16 15:38:11