CVE-2022-1220

CVE-2022-1220: FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

Vendor Unknown

Product FoxyShop

Weakness CWE-79 · XSS

Published July 11, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1220

Related vulnerabilities

04Related CVE

CVE-2024-10882 Product Delivery Date for WooCommerce - Lite <= 2.8.0 - Reflected Cross-Site Scripting CVE-2025-9565 Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise CVE-2025-54704 WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability CVE-2026-8221 Devs Palace ERP Online item-save cross site scripting