2 matches found
CVE-2022-1436
The CVE-2022-1436 entry refers to the WPCargo Track & Trace WordPress plugin prior to version 6.9.5. The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by the plugin not sanitising and escaping the wpcargo_tracking_number parameter before outputting it back in the page. This ...
CVE-2022-1436 WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargotrackingnumber parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks...