Lucene search
WpvulndbWPVDB-ID:D5371796-2712-4A01-892C-E8EA332F2059HistoryNov 23, 2023 - 12:00 a.m.
Related Products for WooCommerce < 3.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
2023-11-2300:00:00
wpscan.com
1
woocommerce
stored cross-site scripting
input sanitization
Description The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘woo-related’ shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.3.16 |
Related
cve
cve
CVE-2023-5234
2023-11-22 16:15:10
cvelist
cvelist
CVE-2023-5234
2023-11-22 15:33:32
nvd
nvd
CVE-2023-5234
2023-11-22 16:15:10
prion
prion
Cross site scripting
2023-11-22 16:15:00
wordfence
wordfence
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%
Related for WPVDB-ID:D5371796-2712-4A01-892C-E8EA332F2059