CVE-2022-4329

CVSS V2 None CVSS V3 None
Description
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).
Overview
  • CVE ID
  • CVE-2022-4329
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-02T22:15:17
  • Last Modified Date
  • 2023-01-09T19:51:11
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:product_list_widget_for_woocommerce_project:product_list_widget_for_woocommerce:*:*:*:*:*:wordpress:*:* 1 OR 1.0
History
Created Old Value New Value Data Type Notes
2023-01-02 23:14:46 Added to TrackCVE
2023-01-02 23:14:47 Weakness Enumeration new
2023-01-03 14:13:43 2023-01-03T13:26:23 CVE Modified Date updated
2023-01-03 14:13:43 Received Awaiting Analysis Vulnerability Status updated
2023-01-06 06:16:49 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-09 20:19:58 2023-01-09T19:51:11 CVE Modified Date updated
2023-01-09 20:19:58 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-09 20:20:01 CPE Information updated