WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

Description

The plugin does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

The "Product XML Feeds" module needs to be enabled in "Woocommerce -> Booster Settings".

https://example.com/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=products&section=products_xml&wcj_create_products_xml_result=1<script>alert(%2FXSS%2F)<%2Fscript>

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.4.9

References

CVE
CVE-2021-25001

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Jeremie Amsellem
Submitter
Jeremie Amsellem
Submitter website
https://fenrir.pro
Submitter twitter
lp1eu
Verified
Yes
WPVDB ID
76f0257d-aae7-4054-9b3d-ba10b4005cf1

Timeline

Publicly Published
2021-12-01 (about 2 years ago)
Added
2021-12-01 (about 2 years ago)
Last Updated
2022-04-09 (about 1 years ago)

Other

Published
Title
Published
2023-11-13
Title
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Published
2022-11-16
Title
Donation Button <= 4.0.0 - Contributor+ Stored XSS
Published
2014-08-01
Title
snazzy-archives <= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS
Published
2020-06-11
Title
WordPress < 5.4.2 - Authenticated Stored XSS via Theme Upload
Published
2014-08-01
Title
placester <= 0.3.12 - XSS in ZeroClipboard