The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2656512 | Patch Third Party Advisory |
https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 | Exploit Third Party Advisory |
https://plugins.trac.wordpress.org/changeset/2656512 | Patch Third Party Advisory |
https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/2656512 - Patch, Third Party Advisory | |
References | () https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 - Exploit, Third Party Advisory |
Information
Published : 2022-02-14 12:15
Updated : 2024-11-21 06:38
NVD link : CVE-2022-0201
Mitre link : CVE-2022-0201
CVE.ORG link : CVE-2022-0201
JSON object : View
Products Affected
permalink_manager_lite_project
- permalink_manager_lite
permalink_manager_project
- permalink_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')