CVE-2022-0399

CVE-2022-0399: Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting

Vendor Unknown

Product Advanced Product Labels for WooCommerce

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0399 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-39449 WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2018-1081 CVE-2024-49295 WordPress Simple Testimonials Showcase plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2022-2655 Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting CVE-2025-1437 Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting