.. / CVE-2023-28665

Exploit for Woo Bulk Price Update <2.2.2 - Cross-Site Scripting (CVE-2023-28665)

Description:

The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the ‘page’ parameter to the techno_get_products action, which can only be triggered by an authenticated user.

Nuclei Template

View the template here CVE-2023-28665.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-28665.yaml
Copy

References:

https://github.com/JoshuaMart/JoshuaMart
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2023-28665
https://wpscan.com/vulnerability/6f70182c-0392-40eb-a5b9-4ff91778e036