History: Feb 02, 2023 - 8:28 a.m.

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

2023-02-02 08:28:46
WPScan
www.cve.org
cve-2022-2546
all-in-one wp migration
unauthenticated reflected xss
wrong content type
ajax action
static secret key
arbitrary html.

AI Score: 5.4 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 65.3%)

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type and does not properly escape the response from the ai1wm_export AJAX action. This allows an attacker to craft a request that, when submitted by any visitor, injects arbitrary HTML or JavaScript into the response, which is then executed in the victim's session. Note: This requires knowledge of a static secret key.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "All-in-One WP Migration",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "7.63"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
