CVE-2023-7151Cross-site Scripting in Product Enquiry FOR Woocommerce

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 50.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gravitymaster Product Enquiry FOR Woocommerce
Timeline
PublishedJan 16

Description

The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Product Enquiry for WooCommerce < 3.2 - Reflected XSS2024-01-16
GHSA
GHSA-mg9f-ffx6-x997: The Product Enquiry for WooCommerce WordPress plugin before 32024-01-16
CVE-2023-7151 — Cross-site Scripting | cvebase