WordPress Plugin Vulnerabilities

Minimum Purchase for WooCommerce <= 2.0.0.1 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
minimum-purchase-for-woocommerce
No known fix

References

CVE
CVE-2023-30492
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/minimum-purchase-for-woocommerce/minimum-purchase-for-woocommerce-2001-authenticated-contributor-stored-cross-site-scripting
URL
https://patchstack.com/database/vulnerability/minimum-purchase-for-woocommerce/wordpress-minimum-purchase-for-woocommerce-plugin-2-0-0-1-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
de177132-77be-42fb-96ff-abccce25cf55

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-10-27 (about 2 years ago)
Last Updated
2023-10-27 (about 2 years ago)

Other

Published
Title
Published
2024-11-18
Title
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar < 5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode
Published
2021-08-09
Title
WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)
Published
2024-04-15
Title
Crelly Slider <= 1.4.5 - Admin+ Stored XSS
Published
2022-12-08
Title
Product list Widget for Woocommerce <= 1.0 - Reflected XSS
Published
2025-01-07
Title
Conversational Forms for ChatBot < 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting