2 matches found
CVE-2022-1937
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1937
The CVE-2022-1937 issue affects the WordPress Awin Data Feed plugin, specifically versions prior to 1.8. The vulnerability is a Reflected Cross‑Site Scripting caused by failing to sanitize/escape a parameter before echoing it back via an AJAX action that is accessible to both unauthenticated and ...