WordPress Plugin Vulnerabilities
WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page
Description
The plugin does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
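The missing output escaping described above, next to a hardened form, as an added example that is not the plugin's own code. The function names and the notice markup are hypothetical; only the error_envision parameter name and the sample value come from this page.

```php
<?php
// Added illustration; not the plugin's source. Function names and the
// notice markup are hypothetical. Only the error_envision parameter name
// comes from the advisory.

// Vulnerable pattern: the query value is concatenated into HTML unchanged,
// so any markup in the URL becomes markup in the checkout page.
function render_error_unescaped(array $query): string
{
    $msg = $query['error_envision'] ?? '';
    return '<div class="woocommerce-error">' . $msg . '</div>';
}

// Hardened pattern: accept only a string, then HTML-encode at output time.
// Inside WordPress the idiomatic call is esc_html(); htmlspecialchars() is
// used here so the file runs without WordPress loaded.
function render_error_escaped(array $query): string
{
    $msg = $query['error_envision'] ?? '';
    if (!is_string($msg)) {
        // ?error_envision[]=x arrives as an array; treat it as absent.
        $msg = '';
    }
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="woocommerce-error">' . $safe . '</div>';
}

// Constructed input: the value used in the proof of concept on this page.
$query = ['error_envision' => '<script>alert(1)</script>'];

// First line keeps the raw <script> element; second line shows it encoded
// as text (&lt;script&gt;...), which the browser displays instead of running.
echo render_error_unescaped($query), PHP_EOL;
echo render_error_escaped($query), PHP_EOL;
```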
Proof of Concept
1. Enable greenwallet-gateway as a WooCommerce payment gateway.
2. Add something to your cart and visit the checkout page.
3. Visit website/checkoutpage/?error_envision=<script>alert(1)</script>
Classification
Type
XSS
Miscellaneous
Original Researcher
goodguyandy
Submitter
Andrea
Verified
Yes
Timeline
Publicly Published
2022-05-11
Added
2022-05-11
Last Updated
2022-05-12