Themes Vulnerabilities

WoodMart < 7.2.2 - Subscriber+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks

Affects Themes

woodmart
Fixed in 7.2.2

References

CVE
CVE-2023-32239

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
6eb2d429-1610-4068-9c51-8361c168c3a0

Timeline

Publicly Published
2023-05-11 (about 2 years ago)
Added
2023-06-22 (about 2 years ago)
Last Updated
2023-06-22 (about 2 years ago)

Other

Published
Title
Published
2022-10-24
Title
ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting
Published
2025-07-16
Title
bbPress Move Topics <= 1.1.6 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
SpiderDisplay <= 1.9.1 - Reflected Cross-Site Scripting
Published
2025-01-06
Title
Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-04-13
Title
WP Social Buttons <= 2.2 - Admin+ Stored Cross-Site Scripting