Woocommerce Vietnam Checkout < 2.0.6 – Unauthenticated Stored XSS | CVE 2023-5325 | Plugin Vulnerabilities

Description

The plugin does not escape the custom shipping phone field no the checkout form leading to XSS

Proof of Concept

1) Install both WooCommerce and the plugin.
2) Set a WooCommerce shipping method, and the store's address to one that is in Vietnam.
3) Add product to cart, and proceed to checkout
4) Tick "Ship to a different address?"
5) Fill the telephone field with:

" onmouseover="alert(1);//


An alert box should pop up when an administrator hovers the order's associated recipient phone number on http://vulnerable-site.tld/wp-admin/post.php?post=$ORDER_ID&action=edit

You can find a video here:

https://drive.proton.me/urls/JRWA6XHCR8#6MS36X7Ag78i

Affects Plugins

woo-vietnam-checkout

Fixed in 2.0.6

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

dc11

Submitter

dc11

Verified

Yes

WPVDB ID

e93841ef-e113-41d3-9fa1-b21af85bd812

Timeline

Publicly Published

2023-11-06 (about 6 months ago)

Added

2023-11-06 (about 6 months ago)

Last Updated

2023-11-06 (about 6 months ago)

Other

Published

Title

Published

2024-01-30

Title

CC BMI Calculator < 2.1.0 - Contributor+ Stored XSS

Published

2021-03-28

Title

Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2023-02-22

Title

WPB Advanced FAQ <= 1.0.6 - Contributor+ Stored XSS

Published

2016-02-07

Title

InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)

Published

2023-08-30

Title

breadcrumb simple <= 1.3 - Admin+ Stored XSS