Reflected Cross-Site Scripting Vulnerability in Star CloudPRNT for WooCommerce Plugin by WordPress
CVE-2023-4603

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Star CloudPRNT for WooCommerce
Vendor: CVE Published:; 13 November 2023

Summary

The Star CloudPRNT for WooCommerce plugin for WordPress is susceptible to reflected cross-site scripting due to inadequate input sanitization in the 'printersettings' parameter. This vulnerability allows unauthenticated attackers to inject arbitrary scripts into web pages. If users are lured into clicking on a malicious link, their browsers may execute these scripts, potentially leading to data theft or session hijacking. Users should ensure they are using the latest version of the plugin to protect against these threats.

Affected Version(s)

Star CloudPRNT for WooCommerce * <= 2.0.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://drive.google.com/file/d/1cRVH7Oz6M2U2XTbNAmm43PDK...

https://plugins.trac.wordpress.org/changeset/2991002/star...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Aug 29, 2023

Credit

Vincenzo Turturro

Gianluca Parisi

Vincenzo Cantatore