cleantalk
Vulnerabilities and Security Researches

BuddyPress xProfile Checkout Manager for WooCommerce, a5d9f295a711e0878315c783d59b7a1edfa94bbf

CVE, Research URL

a5d9f295a711e0878315c783d59b7a1edfa94bbf

Home page URL

Security reports for BuddyPress xProfile Checkout Manager for WooCommerce

Application

BuddyPress xProfile Checkout Manager for WooCommerce

Published on
Aug 18, 2022
Research Description
BuddyPress xProfile Checkout Manager for WooCommerce [woocommerce-buddypress-integration-xprofile-checkout-manager] < 1.3.6 BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting The BuddyPress xProfile Checkout Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bf_xprofile_options’ parameter in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.3.6.
Status
vulnerable
Previous vulnerability researches
BuddyPress xProfile Checkout Manager for WooCommerce (a5d9f295a711e0878315c783d59b7a1edfa94bbf) , Jun 07, 2024
New vulnerability
WP Customer Area (CVE-2025-49982) , Jun 22, 2025
Polls CP (CVE-2025-50025) , Jun 22, 2025
ContentStudio (CVE-2025-49990) , Jun 22, 2025
ANON::form embedded secure form (CVE-2025-52733) , Jun 22, 2025
Oganro Travel Portal Search Widget for HotelBeds APITUDE API (CVE-2025-49966) , Jun 22, 2025