CVE-2022-0321

CVE-2022-0321: WP Voting Contest < 3.0 - Reflected Cross-Site Scripting

Vendor Unknown
Product WP Voting Contest
Weakness CWE-79 · XSS
Published March 14, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 2, 2024 Record updated