The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the ‘page’ parameter to the techno_get_products action, which can only be triggered by an authenticated user.
View the template here CVE-2023-28665.yaml
References:
https://github.com/JoshuaMart/JoshuaMart