CVE-2022-1269

🗓️ 02 May 2022 16:05:53Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 89 Views🌐 WEB

The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2022-1269	2 May 202216:15	–	attackerkb
Circl	CVE-2022-1269	2 May 202220:28	–	circl
CNNVD	WordPress plugin Fast Flow 跨站脚本漏洞	2 May 202200:00	–	cnnvd
CNVD	WordPress Fast Flow plugin跨站脚本漏洞	7 May 202200:00	–	cnvd
Cvelist	CVE-2022-1269 Fast Flow < 1.2.12 - Reflected Cross-Site Scripting	2 May 202216:05	–	cvelist
EUVD	EUVD-2022-24602	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1269	2 May 202216:15	–	nvd
OSV	CVE-2022-1269	2 May 202216:15	–	osv
Patchstack	WordPress Fast Flow Plugin <= 1.2.11 - Reflected Stored Cross-Site Scripting vulnerability	15 Aug 202200:00	–	patchstack
Patchstack	WordPress Fast Flow plugin <= 1.2.10 - Reflected Cross-Site Scripting (XSS) vulnerability	11 Apr 202200:00	–	patchstack

NVD

Vulners

Node

fastflow fastflowRange<1.2.12wordpress

[
  {
    "product": "Fast Flow",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.12",
        "status": "affected",
        "version": "1.2.12",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf

Parameter	Position	Path	Description	CWE
page	request body	/wp-admin/admin.php?page=fast-tagger	Reflected Cross-Site Scripting via unsanitized page parameter in admin dashboard output	CWE-79

17 Jun 2026 04:22Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.00857

CWE-79