WordPress Plugin Vulnerabilities

Booster for WooCommerce - Reflected Cross-Site Scripting

Description

The plugins do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.6.3
Plugin icon
booster-plus-for-woocommerce
Fixed in 6.0.0
Plugin icon
booster-elite-for-woocommerce
Fixed in 6.0.0

References

CVE
CVE-2022-4227

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
90d3022c-5d35-4ef2-ab87-6919268db890

Timeline

Publicly Published
2022-12-05 (about 1 years ago)
Added
2022-12-05 (about 1 years ago)
Last Updated
2022-12-05 (about 1 years ago)

Other

Published
Title
Published
2016-08-03
Title
WordPress Landing Pages <= 2.2.4 - Reflected Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Konzept - Unspecified XSS
Published
2024-01-03
Title
Essential Addons for Elementor < 5.9.3 - Contributor+ Stored XSS
Published
2022-01-18
Title
User Registration, Login & Landing Pages <= 1.2.7 - Admin+ Stored Cross-Site Scripting
Published
2017-04-05
Title
Download WordPress Firewall 2 - Authenticated Stored XSS/CSRF