CVE-2022-1938

CVE-2022-1938: Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting

Vendor Unknown
Product Awin Data Feed
Weakness CWE-79 · XSS
Published July 11, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings

Key dates

02Disclosure timeline

July 11, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE