CVE-2022-1546

CVE-2022-1546: WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

Vendor Unknown

Product WooCommerce – Product Importer

Weakness CWE-79 · XSS

Published July 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1546 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-7319 Nagios Network Analyzer < 2024R1 XSS via Percentile Calculator Menu CVE-2023-46613 WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-23834 WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-36841 YITH Maintenance Mode (WordPress plugin) <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability. CVE-2025-26747 WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability