CVE-2023-2256

MEDIUM NUCLEI

Themeisle Product Addons & Fields For Woocommerce < 32.0.7 - XSS

Title source: rule

Description

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.

Nuclei Templates (1)

WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting

HIGHby ritikchaddha

FOFA: body="wp-content/plugins/woocommerce-product-addon/"

References (1)

[Exploit] https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb

Scores

CVSS v3 6.1

EPSS 0.0946

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

themeisle/product_addons_\&_fields_for_woocommerce < 32.0.7

Published May 30, 2023

Tracked Since Feb 18, 2026