First published: Mon Aug 01 2022(Updated: )
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sigmaplugin Advanced Wordpress Reset | <1.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2181 is a vulnerability in the Advanced WordPress Reset WordPress plugin before version 1.6 that allows for Reflected Cross-Site Scripting.
CVE-2022-2181 has a severity of medium with a score of 6.1.
CVE-2022-2181 affects the Advanced WordPress Reset plugin before version 1.6 by allowing for Reflected Cross-Site Scripting.
To fix CVE-2022-2181, it is recommended to update the Advanced WordPress Reset plugin to version 1.6 or later.
Yes, you can find more information about CVE-2022-2181 at the following reference link: [CVE-2022-2181 Reference](https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e)