Reflected Cross-Site Scripting in Permalink Manager Lite and Pro WordPress Plugins

Reflected Cross-Site Scripting in Permalink Manager Lite and Pro WordPress Plugins

CVE-2022-0201 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue

Learn more about our Wordpress Pen Testing.