CVE-2022-1916
Published 2022-06-27
CVE-2022-1916: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a…
Priority: P2 · 79
Severity: medium · CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 1.83% (76.2th percentile)
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to Reflected Cross-Site Scripting.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pluginus | woot | < 1.0.5 | 1.0.5 |
Detection & IOCs (extracted from sources)
other: alert(document.domain)
yara: words: ['woot-content-in-popup', 'woot-system', 'woot-table'] condition: or
- Reflected XSS payload appears in the HTTP response body of an AJAX action endpoint; look for the XSS probe string 'alert(document.domain)' in response bodies from WooCommerce AJAX handlers.
- Detect exploitation attempts by matching the response body for any of the plugin-specific CSS class strings 'woot-content-in-popup', 'woot-system', or 'woot-table' combined with XSS payload indicators.
- The vulnerable AJAX action is accessible to both unauthenticated and authenticated users: monitor all wp-admin/admin-ajax.php requests (not just authenticated sessions) for unsanitised parameter reflection.
- Confirmed exploitation responses return HTTP 200 with Content-Type text/html; filter on this combination alongside the woot-* body strings.
- The vulnerability is only present in plugin versions before 1.0.5; ensure version fingerprinting is part of any detection or triage workflow.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |
GHSA
GHSA-5cf8-g57m-35gw: The Active Products Tables for WooCommerce
ghsa_unreviewed · 2022-06-28 · CVE-2022-1916 · MEDIUM · CWE-79
VulnCheck
pluginus woot Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2022 · CVE-2022-1916 · MEDIUM · CVSS 6.1
Affected: pluginus woot
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-21&host_type=src&vulnerability=cve-2022-1916; https://dashboard.shadowserve
No detection rules found.
Nuclei
WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting
nuclei · CVE-2022-1916 · MEDIUM · CVSS 6.1
WordPress Active Products Tables for WooCommerce alert(document.domain)'

```yaml
- type: word
  part: body
  words:
    - 'woot-content-in-popup'
    - 'woot-system'
    - 'woot-table'
  condition: or
- type: word
  part: header
  words:
    - text/html
- type: status
  status:
    - 200
# digest: 4a0a00473045022055cc18be3c9137f56c89f32e19a433ac4cd307da261d5981888a1484e8e2f727022100d162efd280d934391f782c27c77fcd358ce0536200b6e46235ac9b25e7764125:922c64590222798bb761d5b6d8e72950
```