1 results (0.004 seconds)
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4329 – Product list Widget for Woocommerce <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-4329
08 Dec 2022 — The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin). El complemento Product list Widget for Woocommerce de WordPress hasta la versión 1.0 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un cross-site scripting reflejado que ... • https://wpscan.com/vulnerability/d7f2c1c1-75b7-4aec-8574-f38d506d064a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •