The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f37d1d55-10cc-4202-8d16-9ec2128f54f9 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-06-06T08:50:53
Updated: 2022-06-06T08:50:53
Reserved: 2022-03-17T00:00:00
Link: CVE-2022-1005
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-08T10:15:09.237
Modified: 2022-06-17T01:13:53.790
Link: CVE-2022-1005
JSON object: View
Redhat Information
No data.
CWE