Vulnerability Description
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Permalink Manager Lite Project | Permalink Manager Lite | < 2.2.15 |
| Permalink Manager Project | Permalink Manager | < 2.2.15 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2656512PatchThird Party Advisory
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2656512PatchThird Party Advisory
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4ExploitThird Party Advisory
FAQ
What is CVE-2022-0201?
CVE-2022-0201 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug ...
How severe is CVE-2022-0201?
CVE-2022-0201 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0201?
Check the references section above for vendor advisories and patch information. Affected products include: Permalink Manager Lite Project Permalink Manager Lite, Permalink Manager Project Permalink Manager.