Lucene search
WpvulndbWPVDB-ID:B8E9B8CF-8D13-4FD8-8E1E-EE35A01BAF05HistoryNov 23, 2023 - 12:00 a.m.
WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute
2023-11-2300:00:00
wpscan.com
13
wordpress
stored cross-site scripting
contributor-level access
Description The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a featured image ‘alt’ attribute in versions up to, and including, 8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The WooCommerce Blocks plugin for WordPress is vulnerable to the same issue in versions up to, and including, 11.1.1.
Related
nvd
nvd
CVE-2023-47777
2023-11-30 12:15:08
openvas
openvas
WordPress WooCommerce Blocks Plugin < 11.1.2 XSS Vulnerability
2023-12-06 00:00:00
WordPress WooCommerce Plugin < 8.2.0 XSS Vulnerability
2023-12-06 00:00:00
cve
cve
CVE-2023-47777
2023-11-30 12:15:08
osv
osv
CVE-2023-47777
2023-11-30 12:15:08
prion
prion
Cross site scripting
2023-11-30 12:15:00
cvelist
cvelist
wordfence
wordfence
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.0%
Related for WPVDB-ID:B8E9B8CF-8D13-4FD8-8E1E-EE35A01BAF05