CVE-2022-0447

CVE-2022-0447: Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

Vendor Unknown

Product Post Grid

Weakness CWE-79 · XSS

Published April 11, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

April 11, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0447 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php CVE-2021-24474 Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS) CVE-2022-1750 Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-40680 WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-64381 WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability