Booster for WooCommerce < 5.4.9 – Reflected Cross-Site Scripting in General Module | CVE 2021-25000 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

The "General" module needs to be enabled in "Woocommerce -> Booster Settings -> Booster".

https://example.com/wp-admin/admin.php?page=wcj-tools&tab=custom_roles&wcj_delete_role=<script>alert(/XSS/)<%2Fscript>

Affects Plugins

woocommerce-jetpack

Fixed in 5.4.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Jeremie Amsellem

Submitter

Jeremie Amsellem

Submitter website

https://fenrir.pro

Submitter twitter

Verified

Yes

WPVDB ID

bc167b3a-24ee-4988-9934-189b6216ce40

Timeline

Publicly Published

2021-12-01 (about 2 years ago)

Added

2021-12-01 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2023-02-20

Title

WP Table Builder < 1.4.7 - Admin+ Stored XSS

Published

2023-06-19

Title

Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

Published

2023-06-15

Title

WP Affiliate Links <= 0.1.1 - Reflected XSS

Published

2017-07-26

Title

FormCraft - Premium WordPress Form Builder < 3.4 - Authenticated Stored XSS

Published

2014-10-02

Title

WordPress Integrator 1.32 - Cross-Site Scripting (XSS)