Word Search Puzzles game <= 2.0.1 – Contributor+ Stored XSS | CVE 2022-36383

Affects Plugins

wha-wordsearch

No known fix

References

CVE

CVE-2022-36383

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Vlad Vector

Verified

No

WPVDB ID

9d53f456-8274-4cdd-9741-dc81fb1d9a20

Timeline

Publicly Published

2022-09-01 (about 3 years ago)

Added

2022-09-21 (about 3 years ago)

Last Updated

2022-09-21 (about 3 years ago)

Other

Published

Title

Published

2025-02-04

Title

WP Extra Fields <= 1.0.1 - Reflected XSS

Published

2024-06-05

Title

WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG

Published

2025-09-22

Title

Penci Podcast < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-08-09

Title

AddToAny < 1.7.46 - Admin+ Stored XSS

Published

2023-02-09

Title

Scriptless Social Sharing < 3.2.2 - Contributor+ Stored XSS