PT-2023-14187 · WordPress · The Product List Widget For Woocommerce
Cydave · Published 2023-01-02 · Updated 2025-04-10 · CVE-2022-4329
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Product list Widget for Woocommerce WordPress plugin through 1.0
Description
The plugin is affected by a Reflected Cross-Site Scripting (XSS) issue that could be used against both unauthenticated and authenticated users, including high-privilege ones such as admins. It occurs because a parameter is not properly sanitised and escaped before being output back in the page.
Recommendations
For The Product list Widget for Woocommerce WordPress plugin through 1.0, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to the plugin's functionality to minimise the risk of exploitation.
Affected Products
The Product List Widget For Woocommerce