CVE-2022-1220

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

WordPress FoxyShop plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress FoxyShop plugin prior to...

Cross site scripting

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2022-1220

CVE-2022-1220 affects the FoxyShop WordPress plugin prior to 4.8.2. The issue is a failure to sanitize and escape a parameter before it is echoed back on an admin page, resulting in a Reflected Cross-Site Scripting vulnerability. The exposure is in the admin context, with exploitation potentially...

CVE-2022-1220 FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

WordPress FoxyShop Plugin <= 4.6.0 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...