CVE-2022-1436

CVE-2022-1436: WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting

Vendor Unknown

Product WPCargo Track & Trace

Weakness CWE-79 · XSS

Published May 16, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

May 16, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1436

Related vulnerabilities

04Related CVE

CVE-2024-11807 NPS computy <= 2.8.0 - Reflected Cross-Site Scripting CVE-2025-9372 Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import CVE-2022-3144 Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-23628 WordPress GeoDigs plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability