CVE-2022-0201

CVE-2022-0201: Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting

Vendor Maciej Bis

Product Permalink Manager Lite

Weakness CWE-79 · XSS

Published February 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

February 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0201 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-27425 WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS) CVE-2023-52292 IBM Sterling File Gateway cross-site scripting CVE-2024-29921 WordPress Photo Gallery by Supsystic plugin <= 1.15.16 - Cross Site Scripting (XSS) vulnerability CVE-2024-1987 WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-41867 WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS)

Identifiers

CVE CVE-2022-0201

CWE CWE-79

Affected versions

Vendor Maciej Bis

Product Permalink Manager Lite

Affected ≥ 2.2.15 and < 2.2.15

Vendor Maciej Bis

Product Permalink Manager Pro

Affected ≥ 2.2.15 and < 2.2.15