The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c - Exploit, Third Party Advisory |
Information
Published : 2022-07-11 13:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2093
Mitre link : CVE-2022-2093
CVE.ORG link : CVE-2022-2093
JSON object : View
Products Affected
ninjateam
- wp_duplicate_page
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')