2 matches found
CVE-2022-1218 Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1218
CVE-2022-1218 affects the WordPress Domain Replace plugin (versions up to 1.3.8). The vulnerability is a reflected Cross-Site Scripting caused by failing to sanitise/escape a parameter before outputting it in an admin-page attribute. Impact is reflected-XSS access via crafted input; PoCs exist in...