CVE-2021-25077

Published: Feb 7, 2022Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting

Affected (1)

Products: Visser: Store Toolkit For Woocommerce

Visser

1 product

Store Toolkit For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Visser Store Toolkit For Woocommerce	Before 2.3.2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://plugins.trac.wordpress.org/changeset/2654503

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2654503

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.