CVE-2021-25001

Name of the Vulnerable Software and Affected Versions The Booster for WooCommerce WordPress plugin versions prior to 5.4.9

Description The issue arises from the lack of sanitization and escaping of the wcj create products xml result parameter in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue.

Recommendations For versions prior to 5.4.9, update to version 5.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the Product XML Feeds module until a patch is available. Restrict access to the admin dashboard to minimize the risk of exploitation. Avoid using the wcj create products xml result parameter in the affected module until the issue is resolved.