The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the response of the berocket_apl_color_listener AJAX action, leading to a Reflected Cross-Site Scripting vulnerability.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2678919 | Patch, Third Party Advisory |
| https://wpscan.com/vulnerability/5e5fdcf4-ec2b-4e73-8009-05606b2d5164 | Exploit, Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-14T14:41:31
Updated: 2022-03-14T14:41:31
Reserved: 2022-01-28T00:00:00
Link: CVE-2022-0399
NVD Information
Status: Analyzed
Published: 2022-03-14T15:15:09.880
Modified: 2022-03-21T20:17:43.730
Link: CVE-2022-0399
Redhat Information
No data.
CWE