Vulnerabilities for 'Awin data feed'

2022-07-11
 
CVE-2022-1937

CWE-79
 

 
The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to Reflected Cross-Site Scripting.

 
 
CVE-2022-1938

CWE-79
 

 
The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a header when processing a request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged-in admin viewing the plugin's settings.

 


Copyright 2024, cxsecurity.com

 
