WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

Description

The plugin does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

The "General" module needs to be enabled in "Woocommerce -> Booster Settings -> Booster".

https://example.com/wp-admin/admin.php?page=wcj-tools&tab=custom_roles&wcj_delete_role=<script>alert(/XSS/)<%2Fscript>

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.4.9

References

CVE
CVE-2021-25000

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Jeremie Amsellem
Submitter
Jeremie Amsellem
Submitter website
https://fenrir.pro
Submitter twitter
lp1eu
Verified
Yes
WPVDB ID
bc167b3a-24ee-4988-9934-189b6216ce40

Timeline

Publicly Published
2021-12-01 (about 2 years ago)
Added
2021-12-01 (about 2 years ago)
Last Updated
2022-04-09 (about 1 years ago)

Other

Published
Title
Published
2017-04-14
Title
RSS Includes Pages <= 3.6 - XSS
Published
2022-03-09
Title
WP HTML Mail < 3.1.3 - Reflected Cross-Site Scripting
Published
2022-11-14
Title
Photospace Gallery <= 2.3.5 - Subscriber+ Stored Cross-Site Scripting
Published
2014-08-01
Title
Yahoo Updates < 1.0 - XSS vulnerabilities in yupdates_application.php
Published
2023-08-16
Title
Custom Admin Login Page | WPZest <= 1.2.0 - Admin+ Stored XSS