CVE-2023-2256

MEDIUM NUCLEI

Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting via URL Parameters

Title source: llm

Exploitation Summary

CVE-2023-2256 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.

Nuclei Templates (1)

WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting

HIGHby ritikchaddha

FOFA: body="wp-content/plugins/woocommerce-product-addon/"

References (1)

Core 1

Core References

Exploit exploit vdb-entry technical-description

https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb

Scores

CVSS v3 6.1

EPSS 0.0095

EPSS Percentile 56.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

themeisle/product_addons_\&_fields_for_woocommerce < 32.0.7

Published May 30, 2023

Tracked Since Feb 18, 2026