The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2659298 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/52a71bf1-b8bc-479e-b741-eb8fb9685014 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-28T09:06:43
Updated: 2022-02-28T09:06:43
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-0189
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-28T09:15:08.893
Modified: 2022-03-08T16:22:14.813
Link: CVE-2022-0189
JSON object: View
Redhat Information
No data.
CWE