CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
permalink_manager_lite_projectpermalink_manager_lite
𝑥
< 2.2.15
permalink_manager_projectpermalink_manager
𝑥
< 2.2.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2656512
https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
https://plugins.trac.wordpress.org/changeset/2656512
https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4