CVE-2021-24940
MEDIUM NUCLEIPersian Woocommerce < 5.8.0 - Reflected Cross-Site Scripting via 's' Parameter
Title source: llmExploitation Summary
CVE-2021-24940 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Nuclei Templates (1)
WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
MEDIUMVERIFIEDby daffainfo
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f
Scores
CVSS v3
6.1
EPSS
0.0148
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
woocommerce/persian-woocommerce
< 5.8.0
Published
Mar 14, 2022
Tracked Since
Feb 18, 2026