WordPress Plugin Vulnerabilities

Responsive Pricing Table < 5.1.7 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape the fields.title parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
dk-pricr-responsive-pricing-table
Fixed in 5.1.7

References

CVE
CVE-2022-46855

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
df87e2cb-7163-4d2f-b848-c9e2331bab7e

Timeline

Publicly Published
2023-02-07 (about 3 years ago)
Added
2023-03-28 (about 2 years ago)
Last Updated
2023-03-28 (about 2 years ago)

Other

Published
Title
Published
2017-12-10
Title
SagePay Server Gateway for WooCommerce <= 1.0.8 - Unauthenticated Cross-Site Scripting (XSS)
Published
2024-03-29
Title
Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting
Published
2022-08-09
Title
Social Slider Feed < 2.0.7 - Admin+ Stored XSS via Feeds
Published
2024-11-28
Title
Post Carousel Slider for Elementor < 1.6.0 - Contributor+ Stored XSS
Published
2015-04-20
Title
All in One SEO Pack <= 2.2.6.1 - Cross-Site Scripting (XSS)