WooCommerce Modal Fly Cart + Ajax add to cart - Reflected cross-site scripting (XSS)
Detected by

Fluid Attacks SAST Scanner
Disclosed by Andres Roldan
Summary
Full name
WooCommerce Modal Fly Cart + Ajax add to cart 1.1.1 - Reflected cross-site scripting (XSS)
Code name
State
Private
Release date
Jan 3, 2025
Affected product
WooCommerce Modal Fly Cart + Ajax add to cart
Affected version(s)
Version 1.1.1
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U
Exploit available
No
CVE ID(s)
Description
WooCommerce Modal Fly Cart + Ajax add to cart 1.1.1 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/inc/class-frontend.php.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in WooCommerce Modal Fly Cart + Ajax add to cart 1.1.1. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-0778 to refer to this issue from now on. Disclosure policy
System Information
Version: WooCommerce Modal Fly Cart + Ajax add to cart 1.1.1
Mitigation
There is currently no patch available for this vulnerability.
Timeline
Jan 3, 2025
Vulnerability discovered
Jan 3, 2025
Vendor contacted
Does your application use this vulnerable software?
During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.