WordPress Plugin Vulnerabilities
Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS
Description
The plugin is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding.
Proof of Concept
http://localhost:8000/wp-admin/edit.php?post_type=shop_order&printed_order=1&total=1&print_url=%2522%253E%253Cscript%253Ealert%28document.domain%29%253C%252Fscript%253E%253Cp%252Bid%253D
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
dc11
Submitter
dc11
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-02-02 (about 1 years ago)
Added
2023-02-02 (about 1 years ago)
Last Updated
2023-02-02 (about 1 years ago)