The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d1b6f438-f737-4b18-89cf-161238a7421b | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-07T08:16:37
Updated: 2022-03-07T08:16:37
Reserved: 2022-01-31T00:00:00
Link: CVE-2022-0429
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-07T09:15:09.513
Modified: 2022-03-11T17:25:17.237
Link: CVE-2022-0429
JSON object: View
Redhat Information
No data.
CWE