CVE-2022-0201
N/A
N/A
Summary
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Maciej Bis | Permalink Manager Lite | 2.2.15 < 2.2.15 | affected |
| Maciej Bis | Permalink Manager Pro | 2.2.15 < 2.2.15 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
- https://plugins.trac.wordpress.org/changeset/2656512
References
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
- https://plugins.trac.wordpress.org/changeset/2656512
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.