Stored Cross-Site Scripting in FiboSearch Plugin for WooCommerce by WordPress
CVE-2023-2450
Key Information:
- Vendor: WordPress
- CVE Published: 9 June 2023
What is CVE-2023-2450?
The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its admin settings. This flaw arises from inadequate input sanitization and output escaping, enabling authenticated attackers with administrator permissions to inject arbitrary web scripts into pages. These malicious scripts will execute when users access the affected pages. This issue is particularly prevalent in multi-site installations and setups where unfiltered_html is disabled, posing significant risks to site integrity and user security.
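The sanitize-on-save and escape-on-output pattern that this class of flaw lacks is shown below as an added example. It is not FiboSearch's code or its actual fix, and the option name `example_search_options`, its field names and the `example_*` functions are hypothetical. The capability check reflects why the issue matters where `unfiltered_html` is unavailable: on multisite, ordinary site administrators do not hold that capability.

```php
<?php
// Added illustration. Option, group and field names are hypothetical,
// not the plugin's real settings keys.

// VULNERABLE pattern: the stored setting is echoed into an attribute as-is,
// so a value such as  "><script>...</script>  breaks out of the attribute.
function example_render_unsafe() {
    $opts = get_option( 'example_search_options', array() );
    echo '<input type="search" placeholder="' . $opts['placeholder'] . '">';
}

// HARDENED, step 1: sanitize when the settings form is saved.
function example_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain-text setting: strip tags and control characters.
    $clean['placeholder'] = sanitize_text_field( $input['placeholder'] ?? '' );

    // Setting that may legitimately hold markup: keep raw HTML only for
    // users who hold unfiltered_html; everyone else (multisite site admins,
    // or any site with DISALLOW_UNFILTERED_HTML set) gets the post-content
    // allowlist, which drops <script> and event-handler attributes.
    $html = (string) ( $input['no_results_html'] ?? '' );
    $clean['no_results_html'] = current_user_can( 'unfiltered_html' )
        ? $html
        : wp_kses_post( $html );

    return $clean;
}

add_action( 'admin_init', function () {
    register_setting( 'example_search_group', 'example_search_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_sanitize_options',
        'default'           => array(),
    ) );
} );

// HARDENED, step 2: escape for the output context every time the value is
// rendered, so data written before the fix (or straight to the database)
// is still neutralized.
function example_render_safe() {
    $opts = get_option( 'example_search_options', array() );
    printf(
        '<input type="search" placeholder="%s">',
        esc_attr( $opts['placeholder'] ?? '' )
    );
}
```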

Affected Version(s)
FiboSearch - Ajax Search for WooCommerce 1.23.0