QwikSec

Security Database

CVE

CWE

Training

CVE-2021-25001

Published: Jan 3, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

Vendor	Product	Versions
Unknown	Booster for WooCommerce	affected `5.4.9 - < 5.4.9`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/76f0257d-aae7-4054-9b3d-ba10b4005cf1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.