CVE-2022-2181: XSS
First published: Mon Aug 01 2022(Updated: )
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sigmaplugin Advanced Wordpress Reset | <1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2181?
CVE-2022-2181 is a vulnerability in the Advanced WordPress Reset WordPress plugin before version 1.6 that allows for Reflected Cross-Site Scripting.
What is the severity of CVE-2022-2181?
CVE-2022-2181 has a severity of medium with a score of 6.1.
How does CVE-2022-2181 affect the Advanced WordPress Reset plugin?
CVE-2022-2181 affects the Advanced WordPress Reset plugin before version 1.6 by allowing for Reflected Cross-Site Scripting.
How can I fix CVE-2022-2181?
To fix CVE-2022-2181, it is recommended to update the Advanced WordPress Reset plugin to version 1.6 or later.
Is there any additional information about CVE-2022-2181?
Yes, you can find more information about CVE-2022-2181 at the following reference link: [CVE-2022-2181 Reference](https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e)
- collector/nvd-index
- vendor/sigmaplugin
- canonical/sigmaplugin advanced wordpress reset