WooCommerce Cart Count Shortcode < 1.1.0 – Contributor+ XSS | CVE 2024-10563 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Add the shortcode to a post:

`[cart_button items_in_cart_text="Cart" custom_css='red" onmouseover="alert(/XSS/)"']`

The XSS will trigger when a user will move the mouse over the Cart text when (pre)viewing the post

Affects Plugins

woo-cart-count-shortcode

Fixed in 1.1.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

08ed69f6-9c9b-4548-9dbb-05b602530ef7

Timeline

Publicly Published

2025-02-05 (about 10 months ago)

Added

2025-02-05 (about 10 months ago)

Last Updated

2025-02-05 (about 10 months ago)

Other

Published

Title

Published

2020-11-14

Title

WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)

Published

2017-07-30

Title

WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)

Published

2023-11-28

Title

JetBlocks For Elementor < 1.3.8.1 - Reflected Cross Site Scripting

Published

2024-03-08

Title

EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Unauthenticated Stored Cross-Site Scripting

Published

2024-06-21

Title

WP Secure Maintenance < 1.7 - Admin+ Stored XSS