Lucene search
CydaveWPEX-ID:92215D07-D129-49B4-A838-0DE1A944C06BHistoryMay 31, 2022 - 12:00 a.m.
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-05-3100:00:00
cydave
80
0.001 Low
EPSS
Percentile
36.9%
The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting
With the "Compatibility Mode" (/wp-admin/edit.php?post_type=easy-pricing-table&page=easy-pricing-tables-settings) setting enabled:
https://example.com/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=<script>alert(`xss`)</script>
Related
prion
prion
Cross site scripting
2022-06-27 09:15:00
wpvulndb
wpvulndb
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-05-31 00:00:00
cnvd
cnvd
WordPress Pricing Tables plugin跨站脚本漏洞
2022-06-30 00:00:00
cvelist
cvelist
CVE-2022-1904 Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-06-27 08:58:25
cve
cve
CVE-2022-1904
2022-06-27 09:15:10
nuclei
nuclei
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
2022-06-23 18:11:43
nvd
nvd
CVE-2022-1904
2022-06-27 09:15:10