Lucene search
CydaveWPVDB-ID:92215D07-D129-49B4-A838-0DE1A944C06BHistoryMay 31, 2022 - 12:00 a.m.
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-05-3100:00:00
cydave
wpscan.com
3
0.001 Low
EPSS
Percentile
36.9%
The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting
PoC
With the “Compatibility Mode” (/wp-admin/edit.php?post_type=easy-pricing-table&page;=easy-pricing-tables-settings) setting enabled: https://example.com/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post;_id=1&column;_names=
| CPE | Name | Operator | Version |
|---|---|---|---|
| easy-pricing-tables | lt | 3.2.1 |
Related
wpexploit
wpexploit
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-05-31 00:00:00
prion
prion
Cross site scripting
2022-06-27 09:15:00
cnvd
cnvd
WordPress Pricing Tables plugin跨站脚本漏洞
2022-06-30 00:00:00
cvelist
cvelist
CVE-2022-1904 Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
2022-06-27 08:58:25
cve
cve
CVE-2022-1904
2022-06-27 09:15:10
nuclei
nuclei
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
2022-06-23 18:11:43
nvd
nvd
CVE-2022-1904
2022-06-27 09:15:10