CVE-2023-28665

State: PUBLISHED · Published: 2023-03-22 · Updated: 2025-02-25 · Assigner: tenable

Description

The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / Woo Bulk Price Update WordPress Plugin — v=< 2.2.2 [affected]

CVSS

(none)

References

https://www.tenable.com/security/research/tra-2023-3

Source

cvelistV5-main/cves/2023/28xxx/CVE-2023-28665.json