CVE-2022-2538 WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting

2022-08-2917:15:36

CWE-79

WPScan

www.cve.org

wordpress

plugin

reflected cross-site scripting

EPSS

0.001

Percentile

40.2%

JSON

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting

CNA Affected

[
  {
    "product": "WP Hide & Security Enhancer",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.8",
        "status": "affected",
        "version": "1.8",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/afa1e159-30bc-42d2-b3f8-8c868b113d3e

EPSS

0.001

Percentile

40.2%

JSON

Related for CVELIST:CVE-2022-2538