Lucene search
Lana Codes (Patchstack Alliance)PATCHSTACK:CAD45600CD88294CB5C15FC4C408B69DHistoryOct 24, 2022 - 12:00 a.m.
WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)
2022-10-2400:00:00
Lana Codes (Patchstack Alliance)
patchstack.com
24
wordpress traffic manager
version 1.4.5
broken access control
stored cross-site scripting
deactivation
deletion
0.001 Low
EPSS
Percentile
19.4%
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Lana Codes (Patchstack Alliance) in the WordPress Traffic Manager plugin (versions <= 1.4.5).
Solution
Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary, pending a full review.
| CPE | Name | Operator | Version |
|---|---|---|---|
| traffic manager | le | 1.4.5 |
Related
cvelist
cvelist
prion
prion
Cross site scripting
2022-11-10 22:15:00
cve
cve
CVE-2022-42460
2022-11-10 22:15:15
nvd
nvd
CVE-2022-42460
2022-11-10 22:15:15
wpvulndb
wpvulndb
Traffic Manager <= 1.4.5 - Subscriber+ Stored Cross-Site Scripting
2022-10-24 00:00:00