Export Post Info < 1.2.0 – Admin+ Stored Cross-Site Scripting | CVE 2022-38068

Affects Plugins

export-post-info

Fixed in 1.2.0

References

CVE

CVE-2022-38068

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

ead1f0b2-fe43-4be1-92bf-3a7dfb23a5bf

Timeline

Publicly Published

2022-09-08 (about 3 years ago)

Added

2022-09-15 (about 3 years ago)

Last Updated

2022-09-15 (about 3 years ago)

Other

Published

Title

Published

2015-08-21

Title

Crazy Bone < 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2023-07-13

Title

Dovetail <= 1.2.13 - Admin+ Stored Cross-Site Scripting

Published

2023-02-07

Title

Yellow Yard < 2.8.12 - Contributor+ Stored XSS

Published

2024-04-26

Title

Fan Page Widget by ThemeNcode < 2.1 - Admin+ Stored XSS

Published

2024-03-26

Title

Preview E-mails for WooCommerce < 2.2.2 - Reflected Cross-Site Scripting