WordPress Plugin Vulnerabilities

WP Search Analytics < 1.4.6 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Administrator to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
search-analytics
Fixed in 1.4.6

References

CVE
CVE-2022-47587

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Justiice
Verified
No
WPVDB ID
6a756ece-e036-4171-b329-bf1febed2e0d

Timeline

Publicly Published
2023-04-28 (about 3 years ago)
Added
2023-05-10 (about 3 years ago)
Last Updated
2023-05-10 (about 3 years ago)

Other

Published
Title
Published
2020-10-29
Title
WordPress < 5.5.2 - Cross-Site Scripting (XSS) via Global Variables
Published
2017-08-08
Title
Bridge Theme <= 11.1 - DOM Cross-Site Scripting (XSS)
Published
2024-06-27
Title
DL Verification <= 1.2 - Admin+ Stored XSS
Published
2014-08-01
Title
snazzy-archives <= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS
Published
2024-03-25
Title
RoyalSlider < 3.4.3 - Reflected Cross-Site Scripting