WordPress Plugin Vulnerabilities

Ultimate Tables <= 1.6.5 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
ultimate-tables
No known fix

References

CVE
CVE-2022-36357

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
4b29ab5f-3c8d-4e5d-ac1e-925f6b9c279f

Timeline

Publicly Published
2022-11-17 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-18 (about 3 years ago)

Other

Published
Title
Published
2024-12-19
Title
Shipment Tracker for Woocommerce < 1.4.23.1 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Optinfirex - lp/index.php id Parameter Reflected XSS
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Unauthenticated Content Injection and Stored XSS
Published
2025-02-17
Title
Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-04-17
Title
Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS