CVE-2022-1250

🗓️ 02 May 2022 16:05:50Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 69 Views🌐 WEB

The LifterLMS PayPal WordPress plugin before 1.4.0 Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-1250	2 May 202220:28	–	circl
CNNVD	WordPress plugin LifterLMS PayPal 跨站脚本漏洞	2 May 202200:00	–	cnnvd
CNVD	WordPress LifterLMS PayPal plugin跨站脚本漏洞	7 May 202200:00	–	cnvd
Cvelist	CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting	2 May 202216:05	–	cvelist
EUVD	EUVD-2022-24583	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1250	2 May 202216:15	–	nvd
Patchstack	WordPress LifterLMS PayPal plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability	4 Apr 202200:00	–	patchstack
Prion	Cross site scripting	2 May 202216:15	–	prion
RedhatCVE	CVE-2022-1250	22 May 202523:30	–	redhatcve
wpexploit	LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting	4 Apr 202200:00	–	wpexploit

NVD

Vulners

Node

lifterlms lifterlmsRange<1.4.0wordpress

[
  {
    "product": "LifterLMS Paypal",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.4.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
make	www.make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/
wpscan	www.wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718

Parameter	Position	Path	Description	CWE
order	query param	purchase/confirm-payment/	Reflected Cross-Site Scripting (XSS) due to insufficient sanitization/escaping of query parameters on the payment confirmation page.	CWE-79
PayerID	query param	purchase/confirm-payment/	Reflected Cross-Site Scripting (XSS) due to insufficient sanitization/escaping of query parameters on the payment confirmation page.	CWE-79

21 Nov 2024 06:40Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.00796

CWE-79