WordPress Plugin Vulnerabilities

Open RDW kenteken voertuiginformatie < 2.1.0 - Reflected XSS

Description

The plugin does not sanitise and escape the open_data_rdw_kenteken parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
open-rdw-kenteken-voertuiginformatie
Fixed in 2.1.0

References

CVE
CVE-2022-47431

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
minhtuanact
Verified
Yes
WPVDB ID
4f74bc64-e728-41e4-8c5c-5502cb5d7676

Timeline

Publicly Published
2023-03-17 (about 2 years ago)
Added
2023-03-23 (about 2 years ago)
Last Updated
2023-03-23 (about 2 years ago)

Other

Published
Title
Published
2016-07-20
Title
Lazy Load <= 0.6 - Cross-Site Scripting (XSS)
Published
2025-09-22
Title
Save as PDF < 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-19
Title
ShopLentor < 2.8.2 - Contributor+ Stored XSS
Published
2024-07-31
Title
Element Pack - Addon for Elementor Page Builder WordPress Plugin < 7.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL
Published
2022-11-10
Title
WPUpper Share Buttons < 3.43 - Admin+ Stored XSS