[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/woocommerce/
[-&# [-] Title : word press plugin woocommerce 3.9.2 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/woocommerce/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
woocommerce/includes/admin/class-wc-admin-attributes.php
======================================================================================================
Vulnerable Source :
189: echo echo absint($edit);
163: $edit = absint($_GET['edit']) : 0;
=======================================================================================================
POC :
http://localhost/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-attributes.php?edit=[XSS]
=======================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : mehranfeizi13841384@gmail.com
************************