WordPress Plugin Vulnerabilities

Woocommerce Order address Print <= 3.2 - Reflected XSS

Description

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
woocommerce-order-address-print
No known fix

References

CVE
CVE-2023-34184

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
43353dcf-0c17-44a3-ae6d-587fdec97d69

Timeline

Publicly Published
2023-05-30 (about 11 months ago)
Added
2023-09-07 (about 8 months ago)
Last Updated
2023-09-07 (about 8 months ago)

Other

Published
Title
Published
2024-04-04
Title
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy
Published
2022-11-14
Title
WP Affiliate Platform < 6.4.0 - Admin+ Stored XSS
Published
2022-06-27
Title
Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting
Published
2022-02-04
Title
IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting
Published
2023-08-22
Title
Collapse-O-Matic <= 1.8.5.7 - Contributor+ Stored XSS