The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue in browsers which do not encode characters.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/166626/WordPress-Ad-Inserter-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
| https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-04T15:35:58
Updated: 2022-04-07T17:08:06
Reserved: 2022-03-09T00:00:00
Link: CVE-2022-0901
NVD Information
Status: Analyzed
Published: 2022-04-04T16:15:10.233
Modified: 2022-04-11T18:25:23.497
Link: CVE-2022-0901
Redhat Information
No data.
CWE