Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-4410

Published: 14/12/2022 Updated: 07/11/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for malicious users to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

permalink manager lite project permalink manager lite

References

CWE-79https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-3611CVE-2024-4947CVE-2024-32988CVE-2020-35165local file inclusionCVE-2024-4980bypassmalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook