WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

2023-12-2300:00:00

wpscan.com

wordpress

plugin

vulnerability

stored cross-site scripting

input sanitization

output escaping

authentication

contributor-level permissions

AI Score

5.7

Confidence

High

EPSS

Percentile

14.0%

JSON

Description The WooCommerce Menu Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.