CVE-2023-0942

MEDIUM NUCLEI

Artisanworkshop Japanized For Woocommerce < 2.5.4 - XSS

Title source: rule

Description

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Nuclei Templates (1)

WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (5)

[Third Party Advisory] https://plugins.trac.wordpress.org/browser/woocommerce-for-japan/trunk/includes/admin/views/html-admin-setting-screen.php#L63

[Patch] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2868545%40woocommerce-for-japan%2Ftrunk&old=2863064%40woocommerce-for-japan%2Ftrunk&sfp_email=&sfph_mail=

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8

https://www.wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8?source=cve

https://www.wordfence.com/blog/2023/03/multiple-reflected-cross-site-scripting-vulnerabilities-in-three-wordpress-plugins-patched/

Scores

CVSS v3 6.1

EPSS 0.3989

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

artisanworkshop/japanized_for_woocommerce < 2.5.4

shoheitanaka/Japanized for WooCommerce < 2.5.4

Published Feb 21, 2023

Tracked Since Feb 18, 2026