CVE-2022-0901

 

Published at: - 04-04-2022 06:15

Last modified: - 11-04-2022 08:25

Total changes: - 3

Description

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

 

Verification logic

 

Reference

• https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba
• http://packetstormsecurity.com/files/166626/WordPress-Ad-Inserter-Cross-Site-Scripting.html

 

Keywords

NVD

 

CVE-2022-0901

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures