CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

2022-06-1312:42:31

CWE-79

WPScan

www.cve.org

wordpress

plugin

xss

vulnerability

ajax

action

EPSS

0.001

Percentile

43.5%

JSON

The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting

CNA Affected

[
  {
    "product": "Simple Membership",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.1.1",
        "status": "affected",
        "version": "4.1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae

EPSS

0.001

Percentile

43.5%

JSON

Related for CVELIST:CVE-2022-1724