← volver
CVE-2022-0426

Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting

EPSS 0.7%CWE-79
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
Productos afectados
Unknown · Product Feed PRO for WooCommerce

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/2670405https://wpscan.com/vulnerability/de69bcd1-b0b1-4b16-9655-776ee57ad90a