CVE-2023-0062: EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS
First published: Mon Feb 06 2023(Updated: )
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpfactory Ean For Woocommerce | <4.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for EAN for WooCommerce?
The vulnerability ID for EAN for WooCommerce is CVE-2023-0062.
What is the severity level of CVE-2023-0062?
The severity level of CVE-2023-0062 is medium, with a severity value of 5.4.
What is the affected software for CVE-2023-0062?
The affected software for CVE-2023-0062 is the EAN for WooCommerce WordPress plugin before version 4.4.3.
What is the risk associated with CVE-2023-0062?
CVE-2023-0062 allows users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) attacks.
Is there a fix available for CVE-2023-0062?
Yes, the fix for CVE-2023-0062 is to update the EAN for WooCommerce WordPress plugin to version 4.4.3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/wpfactory
- canonical/wpfactory ean for woocommerce