CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-0399

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://plugins.trac.wordpress.org/changeset/2678919
https://wpscan.com/vulnerability/5e5fdcf4-ec2b-4e73-8009-05606b2d5164
https://plugins.trac.wordpress.org/changeset/2678919
https://wpscan.com/vulnerability/5e5fdcf4-ec2b-4e73-8009-05606b2d5164

Products affected by CVE-2022-0399

Berocket » Advanced Product Labels For Woocommerce » Version: Any

cpe:2.3:a:berocket:advanced_product_labels_for_woocommerce:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0399

Products

Pricing

Contact Us