Search Exclude < 1.2.7 – Author+ Stored Cross-Site Scripting | CVE 2022-36282

Affects Plugins

search-exclude

Fixed in 1.2.7

References

CVE

CVE-2022-36282

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.8 (medium)

Miscellaneous

Original Researcher

Muhammad Daffa

Verified

No

WPVDB ID

52841b21-493f-4e63-bcbf-528089955e4f

Timeline

Publicly Published

2022-08-22 (about 3 years ago)

Added

2022-08-24 (about 3 years ago)

Last Updated

2023-05-16 (about 2 years ago)

Other

Published

Title

Published

2014-06-12

Title

Walk Score <= 0.5.5 - Multiple XSS

Published

2023-01-27

Title

Blocksy Companion < 1.8.68 - Contributor+ Stored XSS

Published

2026-04-16

Title

Royal Elementor Addons Pro < 1.7.1041 - Unauthenticated Stored Cross-Site Scripting

Published

2022-08-15

Title

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting

Published

2024-12-17

Title

BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting