CVE-2022-1435

CVE-2022-1435: WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting

Vendor Unknown
Product WPCargo Track & Trace
Weakness CWE-79 · XSS
Published May 16, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 3, 2024 Record updated