CVE-2022-0640: AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting
First published: Mon Mar 21 2022(Updated: )
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdevart Pricing Table Builder | <1.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Pricing Table Builder WordPress plugin?
The vulnerability ID for the Pricing Table Builder WordPress plugin is CVE-2022-0640.
What is the severity level of CVE-2022-0640?
The severity level of CVE-2022-0640 is medium.
What is the affected software for CVE-2022-0640?
The affected software for CVE-2022-0640 is the Pricing Table Builder WordPress plugin before version 1.1.5.
What is the CWE category for CVE-2022-0640?
The CWE category for CVE-2022-0640 is CWE-79.
How can I fix the CVE-2022-0640 vulnerability in the Pricing Table Builder WordPress plugin?
To fix the CVE-2022-0640 vulnerability in the Pricing Table Builder WordPress plugin, update to version 1.1.5 or later.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/wpdevart
- canonical/wpdevart pricing table builder