The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-06-06T08:51:10
Updated: 2022-06-06T08:51:10
Reserved: 2022-05-05T00:00:00
Link: CVE-2022-1597
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-08T10:15:09.897
Modified: 2022-06-14T19:21:59.393
Link: CVE-2022-1597
JSON object: View
Redhat Information
No data.
CWE