QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0399

Published: Mar 14, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

Vendor	Product	Versions
Unknown	Advanced Product Labels for WooCommerce	affected `1.2.3.7 - < 1.2.3.7`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/5e5fdcf4-ec2b-4e73-8009-05606b2d5164

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2678919

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.