CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:permalink_manager_project:permalink_manager:*:*:*:*:pro:wordpress:*:*

History

21 Nov 2024, 06:38

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/2656512 - Patch, Third Party Advisory () https://plugins.trac.wordpress.org/changeset/2656512 - Patch, Third Party Advisory
References () https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 - Exploit, Third Party Advisory

Information

Published : 2022-02-14 12:15

Updated : 2024-11-21 06:38


NVD link : CVE-2022-0201

Mitre link : CVE-2022-0201

CVE.ORG link : CVE-2022-0201


JSON object : View

Products Affected

permalink_manager_lite_project

  • permalink_manager_lite

permalink_manager_project

  • permalink_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')