Ravpage < 2.25 – Reflected Cross-Site Scripting | CVE 2022-29415

Affects Plugins

ravpage

Fixed in 2.25

References

CVE

CVE-2022-29415

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Tien Nguyen Anh

Verified

Yes

WPVDB ID

3e948510-0c16-421e-ae3a-cc3c28d8f617

Timeline

Publicly Published

2022-04-28 (about 4 years ago)

Added

2022-04-28 (about 4 years ago)

Last Updated

2022-09-06 (about 3 years ago)

Other

Published

Title

Published

2026-01-06

Title

QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes

Published

2026-01-23

Title

Same Category Posts < 1.1.20 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder

Published

2022-03-10

Title

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

Published

2024-08-01

Title

Element Pack Elementor Addons < 5.6.12 - Contributor+ Stored XSS

Published

2024-11-08

Title

WoW Guild Armory Roster <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting