Lucene search
Ran CraneWPVDB-ID:F8405E06-9CF3-4ACB-AEBB-E80FB402DAA9HistoryFeb 28, 2022 - 12:00 a.m.
AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting
2022-02-2800:00:00
Ran Crane
wpscan.com
16
0.001 Low
EPSS
Percentile
30.2%
The plugin does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
PoC
https://example.com/wp-admin/admin.php?page=ap-pricing-tables-lite-add-new&postid;=1’>
| CPE | Name | Operator | Version |
|---|---|---|---|
| ap-pricing-tables-lite | lt | 1.1.5 |
Related
prion
prion
Cross site scripting
2022-03-21 19:15:00
cvelist
cvelist
cve
cve
CVE-2022-0640
2022-03-21 19:15:11
nvd
nvd
CVE-2022-0640
2022-03-21 19:15:11
wpexploit
wpexploit
AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting
2022-02-28 00:00:00
patchstack
patchstack