Limited Black Friday Offer:

WordPress CDI <5.1.9 - Cross Site Scripting CVE-2022-1933 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

WordPress CDI <5.1.9 - Cross Site Scripting CVE-2022-1933 Scanner Detail

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

https://wpscan.com/vulnerability/6cedb27f-6140-4cba-836f-63de98e521bf