WordPress WooCommerce 3.9.2 Cross Site Scripting

WordPress WooCommerce plugin version 3.9.2 suffers from a cross site scripting vulnerability.


MD5 | 94820451c430b8a8ed5f6fd5526603f8

[-] Title : word press plugin woocommerce 3.9.2 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/woocommerce/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
woocommerce/includes/admin/class-wc-admin-attributes.php
======================================================================================================
Vulnerable Source :
189: echo echo absint($edit);
163: $edit = absint($_GET['edit']) : 0;
=======================================================================================================
POC :
http://localhost/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-attributes.php?edit=[XSS]
=======================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : [email protected]
************************

Related Posts