vendor: WooCommerce Product Feed
by: Damian Ebelties
CVSS: 5.4 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: WooCommerce Product Feed
Affected Version From: <= 2.2.18
Affected Version To: <= 2.2.18
Patch Exists: YES
Related CVE: CVE-2019-1010124
CPE: 2.3:a:wordpress:woocommerce_product_feed
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu 18.04.1
2019
WordPress Plugin WooCommerce Product Feed <= 2.2.18 - Cross-Site Scripting
The WordPress plugin 'WooCommerce Product Feed' does not correctly sanitize user input, which leads to Cross-Site Scripting in the Admin Panel. Since it is WordPress, it's fairly easy to get RCE with this XSS by editing the theme files via (for example) XHR requests with included JavaScript.
Mitigation:
Sanitize user input correctly.