3 matches found
CVE-2022-0252
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2022-0252 Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2022-0252
The CVE-2022-0252 entry concerns the GiveWP WordPress plugin (versions before 2.17.3). The vulnerability arises from the plugin not escaping the json parameter before echoing it back in an attribute on the Import tool, enabling a Reflected Cross‑Site Scripting (XSS) attack. Affected component: th...