WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting CVE-2022-0234 Scanner
A remote attacker can perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Parent Category
WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting CVE-2022-0234 Scanner Detail
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to Reflected Cross-Site Scripting.