CVE-2022-0399

Name of the Vulnerable Software and Affected Versions Advanced Product Labels for WooCommerce WordPress plugin versions prior to 1.2.3.7

Description The issue arises from the lack of sanitization and escaping of the tax color set type parameter in the berocket apl color listener AJAX action's response, leading to a Reflected Cross-Site Scripting.

Recommendations For versions prior to 1.2.3.7, update to version 1.2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the berocket apl color listener AJAX action to minimize the risk of exploitation. Avoid using the tax color set type parameter in the affected AJAX endpoint until the issue is resolved.