WOOEXIM WordPress Plugin CSRF Vulnerability Leading to Reflected XSS

Vulnerability

A vulnerability in the WOOEXIM WordPress plugin, affecting versions through 5.0.0, allows for Cross-Site Request Forgery (CSRF) attacks that could lead to reflected Cross-Site Scripting (XSS). The plugin lacks proper CSRF protections in certain areas and fails to adequately sanitize and escape data, potentially exposing unauthenticated users to XSS risks.
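The vulnerability class described above, shown as an added illustration of the general WordPress pattern; this is not WOOEXIM's code. Every name here (the `myplugin_*` functions, the `notice` parameter, the nonce action and field) is hypothetical.

```php
<?php
// Added illustration. All identifiers are hypothetical, not taken from WOOEXIM.

// Vulnerable shape: no nonce check, so a forged cross-site request is accepted,
// and the request value is echoed back without escaping.
function myplugin_render_notice_vulnerable() {
    if ( isset( $_REQUEST['notice'] ) ) {
        echo '<div class="notice"><p>' . $_REQUEST['notice'] . '</p></div>';
    }
}

// Form side of the fix: embed a nonce bound to this action and the current user.
function myplugin_render_form() {
    echo '<form method="post">';
    wp_nonce_field( 'myplugin_notice_action', 'myplugin_nonce' );
    echo '<input type="text" name="notice" />';
    submit_button();
    echo '</form>';
}

// Handler side of the fix: capability check, nonce check, sanitize on input,
// escape on output.
function myplugin_render_notice_hardened() {
    if ( ! isset( $_POST['notice'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing or invalid, which is what
    // defeats a request forged from another site.
    check_admin_referer( 'myplugin_notice_action', 'myplugin_nonce' );

    $notice = sanitize_text_field( wp_unslash( $_POST['notice'] ) );
    // Escape for the HTML context even after sanitizing; the two are not interchangeable.
    echo '<div class="notice"><p>' . esc_html( $notice ) . '</p></div>';
}
```

When auditing a plugin for this class of issue, look for handlers that read `$_GET`, `$_POST` or `$_REQUEST` without a preceding `check_admin_referer()` or `wp_verify_nonce()` call, and for `echo` of request data without an `esc_*` function.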

Impact

Exploitation of this vulnerability could result in reflected Cross-Site Scripting, allowing attackers to inject malicious scripts that are executed in the context of the user's browser.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.