Vulnerabilities and security researches forwoocommerce-buddypress-integration-xprofile-checkout-manager woocommerce-buddypress-integration-xprofile-checkout-manager

Jun 07, 2024

CVE, Research URL: a5d9f295a711e0878315c783d59b7a1edfa94bbf
Home page URL: Security reports for BuddyPress xProfile Checkout Manager for WooCommerce
Application: BuddyPress xProfile Checkout Manager for WooCommerce
Date: Aug 18, 2022
Research Description: BuddyPress xProfile Checkout Manager for WooCommerce [woocommerce-buddypress-integration-xprofile-checkout-manager] < 1.3.6 BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting The BuddyPress xProfile Checkout Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bf_xprofile_options’ parameter in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable