5 matches found
CVE-2022-2546
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
Exploit for CVE-2022-2546
All-in-One WP Migration " Affect...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2022-2546
The CVE-2022-2546 issue affects WordPress All-in-One WP Migration plugin < 7.63. The vulnerability arises from using the wrong content type and not properly escaping the ai1wm_export response, enabling an attacker to craft a request that, when submitted by a visitor, injects arbitrary HTML/Jav...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...