CVE-2023-2452




The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.



We have discovered 580 live websites that are affected by CVE-2023-2452.





Affected Software

Product  Advanced Woo Search
Category  WordPress Plugins
Vulnerable Versions
  • from 0 through 2.77
Total Vulnerable Versions  169
Vulnerable Domains  580 live websites (18.43% of Advanced Woo Search install base)



Details

  • Published - Jun 9, 2023
  • Updated - Jun 9, 2023

Credits

  • Ivan Kuzymchak (finder)




Countries

United States  126 websites
Russia  49 websites
Germany  37 websites
France  32 websites
GB  32 websites
Italy  29 websites
Australia  22 websites
Netherlands  21 websites
Spain  20 websites
Poland  18 websites

TLDs

.com  223 websites
.ru  43 websites
.de  21 websites
.com.au  20 websites
.co.uk  18 websites
.it  16 websites
.pl  16 websites
.fr  15 websites
.org  15 websites
.nl  12 websites

Websites affected by CVE-2023-2452

Top websites that are affected by CVE-2023-2452.