Medium severity6.1NVD Advisory· Published Mar 14, 2022· Updated Jun 17, 2026
CVE-2022-0399
CVE-2022-0399
Description
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.2.3.7+ 1 more
- (no CPE)range: <1.2.3.7
- (no CPE)range: <1.2.3.7
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2678919nvdPatchThird Party Advisory
- wpscan.com/vulnerability/5e5fdcf4-ec2b-4e73-8009-05606b2d5164nvdExploitPatchThird Party Advisory
News mentions
0No linked articles in our index yet.