Vulnerability Details CVE-2024-0251
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.7%
CVSS Severity
CVSS v3 Score 6.1
References
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104
- https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287
- https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104
- https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve
Products affected by CVE-2024-0251
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.46
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.47
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.48
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.49
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.50
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.51
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.52
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.53
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.54
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.55
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.56
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.57
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.58
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.59
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.60
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.61
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.62
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.63
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.64
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.65
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.66
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.67
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.68
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.69
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.70
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.71
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.72
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.73
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.74
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.75
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.76
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.77
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.78
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.79
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.80
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.81
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.82
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.83
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.84
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.85
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.86
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.87
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.88
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.89
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.90
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.91
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.92
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.93
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.94
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.95
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.96
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.97
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.98
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:1.99
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.00
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.01
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.02
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.03
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.04
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.05
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.06
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.07
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.08
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.09
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.10
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.11
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.12
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.13
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.14
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.15
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.16
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.17
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.18
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.19
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.20
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.21
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.22
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.23
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.24
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.25
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.26
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.27
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.28
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.29
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.30
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.31
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.32
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.33
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.34
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.35
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.36
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.37
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.38
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.39
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.40
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.41
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.42
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.43
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.44
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.45
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.46
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.47
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.48
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.49
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.50
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.51
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.52
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.53
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.54
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.55
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.56
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.57
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.58
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.59
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.60
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.61
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.62
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.63
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.64
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.65
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.66
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.67
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.68
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.69
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.70
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.71
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.72
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.73
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.74
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.75
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.76
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.77
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.78
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.79
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.80
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.81
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.82
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.83
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.84
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.85
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.86
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.87
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.88
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.89
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.90
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.91
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.92
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.93
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.94
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.95
-
cpe:2.3:a:advanced-woo-search:advanced_woo_search:2.96