WordPress Plugin Vulnerabilities

KB Support < 1.5.6 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape multiple parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
kb-support
Fixed in 1.5.6

References

CVE
CVE-2022-27852

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
ded97b05-e66d-43b0-9ee0-5539b4ae4a77

Timeline

Publicly Published
2022-04-15 (about 4 years ago)
Added
2022-04-16 (about 4 years ago)
Last Updated
2022-11-23 (about 3 years ago)

Other

Published
Title
Published
2025-03-31
Title
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder < 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-01-12
Title
WP-DownloadManager < 1.68.7 - Admin+ Stored Cross-Site Scripting
Published
2021-12-27
Title
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
Published
2024-09-16
Title
Verbosa < 1.2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-25
Title
DearFlip < 2.2.27 - Contributor+ Stored XSS