Export All URLs < 4.2 – Editor+ Stored Cross-Site Scripting | CVE 2022-29452

Affects Plugins

export-all-urls

Fixed in 4.2

References

CVE

CVE-2022-29452

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Kim Jong Min

Verified

No

WPVDB ID

d63a853a-fe10-41d5-8264-0a54d26a2665

Timeline

Publicly Published

2022-05-27 (about 3 years ago)

Added

2022-06-16 (about 3 years ago)

Last Updated

2023-03-16 (about 3 years ago)

Other

Published

Title

Published

2024-12-13

Title

Bukza < 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-04-09

Title

Link Shield <= 0.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2024-03-25

Title

Booster for WooCommerce < 7.1.8 - Reflected Cross-Site Scripting

Published

2024-10-14

Title

Crazy Call To Action Box <= 1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-02-24

Title

Gecko 6.0 - Responsive Shopify Theme - RTL support <= 1.9.8 - Reflected Cross-Site Scripting