CVE-2022-0252

CVE-2022-0252: Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool

Vendor Unknown

Product GiveWP – Donation Plugin and Fundraising Platform

Weakness CWE-79 · XSS

Published February 21, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

February 21, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0252 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-24423 UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting CVE-2024-1806 ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode CVE-2024-12394 Action Network <= 1.4.4 - Reflected Cross-Site Scripting CVE-2022-4697 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2021-24503 Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS