Japanized For Woocommerce
Monthly
Unauthenticated broken access control in the Japanized For WooCommerce WordPress plugin (versions <= 2.9.12) allows remote unauthenticated attackers to bypass authorization checks and perform restricted operations, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or user interaction is required, lowering the exploitation barrier significantly for any exposed WordPress site running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, though the low complexity and zero-privilege requirement make this accessible to unsophisticated attackers.
The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.1%.
Unauthenticated broken access control in the Japanized For WooCommerce WordPress plugin (versions <= 2.9.12) allows remote unauthenticated attackers to bypass authorization checks and perform restricted operations, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or user interaction is required, lowering the exploitation barrier significantly for any exposed WordPress site running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, though the low complexity and zero-privilege requirement make this accessible to unsophisticated attackers.
The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.1%.