Lucene search
Enrico Marcolini, Claudio MarchesiniWPVDB-ID:DFE5001F-31B9-4DE2-A240-F7F5A992AC49HistoryJan 03, 2024 - 12:00 a.m.
Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
2024-01-0300:00:00
Enrico Marcolini, Claudio Marchesini
wpscan.com
7
woocommerce
reflected cross-site scripting
high privilege users
admin
vulnerability
Description The plugin does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PoC
Make a logged in admin open one of the URLs below: https://example.com/wp-admin/admin.php?page=wc-settings&biteship;_operation=1&biteship;_message= https://example.com/wp-admin/admin.php?page=wc-settings&biteship;_operation=1&biteship;_error=
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.2.25 |
Related
cve
cve
CVE-2023-6278
2024-01-29 15:15:09
wpexploit
wpexploit
Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
2024-01-03 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-6278
2024-01-29 15:15:09
prion
prion
Cross site scripting
2024-01-29 15:15:00
5.8 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:DFE5001F-31B9-4DE2-A240-F7F5A992AC49