CVE-2022-0449

CVE-2022-0449: Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting

Vendor Unknown

Product Flexi – Guest Submit

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0449 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-22619 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c' CVE-2025-14984 Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2024-0614 Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings CVE-2023-43566 CVE-2024-49232 WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability