Advanced Woo Search <= 1.68 - CSRF & XSS



Description
CSRF leading to XSS

Sanitisation against XSS was added in 1.70; however, no CSRF checks are performed.

Affects Plugin

fixed in version 1.70

References

URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2079301%40advanced-woo-search&old=2077958%40advanced-woo-search

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 4409
Verified No
WPVDB ID 9384

Timeline

Publicly Published 2019-05-02
Added 2019-06-24
Last Updated 2019-06-24
