WordPress Plugin Vulnerabilities

WSB Brands < 1.2 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin or above to perform Cross-Site Scripting attacks.

Affects Plugins

Plugin icon
wsb-brands
Fixed in 1.2

References

CVE
CVE-2022-47437

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
TEAM WEBoB of BoB 11th
Verified
No
WPVDB ID
2da4cae9-b2f2-4855-92b2-bf14d45d98c5

Timeline

Publicly Published
2023-03-15 (about 2 years ago)
Added
2023-05-08 (about 2 years ago)
Last Updated
2023-05-08 (about 2 years ago)

Other

Published
Title
Published
2017-08-08
Title
Updraftplus < 1.13.5 - XSS
Published
2025-12-15
Title
Rencontre < 3.13.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-11-10
Title
Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-03-03
Title
WP Tabs < 2.2.7 - Admin+ Stored XSS
Published
2025-01-16
Title
Send to a Friend Addon <= 1.4.1 - Reflected Cross-Site Scripting