WooCommerce Pre-Orders < 2.0.1 – Contributor+ Stored XSS | CVE 2023-32793 | Plugin Vulnerabilities

Description

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[woocommerce_pre_order_countdown product_id="64" layout="'-alert(/XSS/)-'"]

64 being a product set as a pre-order with an availability date in the future

Affects Plugins

woocommerce-pre-orders

Fixed in 2.0.1

References

CVE

URL

https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-2-0-0-contributor-stored-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

a86bdcfb-a1db-4775-8f30-8eec3f53a77a

Timeline

Publicly Published

2023-06-21 (about 2 years ago)

Added

2023-06-21 (about 2 years ago)

Last Updated

2023-06-21 (about 2 years ago)

Other

Published

Title

Published

2018-03-05

Title

iThemes Security <= 6.9.0 - Cross-Site Scripting (XSS)

Published

2025-01-16

Title

DN Sitemap Control <= 1.0.6 - Reflected Cross-Site Scripting

Published

2016-11-10

Title

WP Google Maps <= 6.3.14 - Authenticated Stored Cross-Site Scripting (XSS) via CSRF

Published

2021-07-19

Title

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2025-01-07

Title

Competition Form <= 2.0 - Reflected XSS