EAN for WooCommerce < 4.4.3 – Contributor+ Stored XSS | CVE 2023-0062 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[alg_wc_ean_product_image product_id='1' width='100%' height='100%" onmouseover="alert(1)"']

Note: In product_id, the WooCommerce product id will go.

Affects Plugins

ean-for-woocommerce

Fixed in 4.4.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

450f94a3-56b1-41c7-ac29-fbda1dc04794

Timeline

Publicly Published

2023-01-11 (about 1 years ago)

Added

2023-01-11 (about 1 years ago)

Last Updated

2023-01-11 (about 1 years ago)

Other

Published

Title

Published

2021-06-07

Title

WP Hardening < 1.2.2 - Reflected XSS via URI

Published

2022-09-23

Title

FontMeister <= 1.08 - Reflected Cross-Site Scripting

Published

2023-06-20

Title

Contact Form by WPForms < 1.8.1.3 - Reflected XSS

Published

2023-04-12

Title

Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

Published

2023-01-18

Title

TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS