Cross site scripting

2022-03-2119:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

30.2%

JSON

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

CPENameOperatorVersion
pricing_table_builderlt1.1.5

CPE	Name	Operator	Version
	pricing_table_builder	lt	1.1.5

References

plugins.trac.wordpress.org/changeset/2684253

wpscan.com/vulnerability/f8405e06-9cf3-4acb-aebb-e80fb402daa9

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for PRION:CVE-2022-0640