CVE-2022-0429 WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

2022-03-0708:16:37

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

44.4%

JSON

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.

CNA Affected

[
  {
    "product": "WP Cerber Security, Anti-spam & Malware Scan",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "8.9.6",
        "status": "affected",
        "version": "8.9.6",
        "versionType": "custom"
      }
    ]
  }
]