WordPress Private Messages For WordPress plugin <= 2.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2022-05-2600:00:00

Ngo Van Thien (Alliance project)

patchstack.com

0.001 Low

EPSS

Percentile

22.7%

JSON

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Private Messages For WordPress plugin (versions <= 2.1.10).

Solution

Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
private messages for wordpressle2.1.10

CPE	Name	Operator	Version
	private messages for wordpress	le	2.1.10

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29442

wordpress.org/plugins/private-messages-for-wordpress/

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for PATCHSTACK:E88D3A51D22DD6C635CB7BE3E5453316