CVE-2022-4329

The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).
Configurations

Configuration 1 (hide)

cpe:2.3:a:product_list_widget_for_woocommerce_project:product_list_widget_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:35

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/d7f2c1c1-75b7-4aec-8574-f38d506d064a - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/d7f2c1c1-75b7-4aec-8574-f38d506d064a - Exploit, Third Party Advisory
Summary
  • (es) El complemento Product list Widget for Woocommerce de WordPress hasta la versión 1.0 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un cross-site scripting reflejado que podría usarse contra usuarios autenticados y no autenticados (como uno con privilegios altos como administración).

07 Nov 2023, 03:57

Type Values Removed Values Added
CWE CWE-79

Information

Published : 2023-01-02 22:15

Updated : 2025-04-10 18:15


NVD link : CVE-2022-4329

Mitre link : CVE-2022-4329

CVE.ORG link : CVE-2022-4329


JSON object : View

Products Affected

product_list_widget_for_woocommerce_project

  • product_list_widget_for_woocommerce
CWE

No CWE.