Vulnerability Details CVE-2022-1933
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting
Exploit prediction scoring system (EPSS) score
EPSS Score 0.145
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1933
-
Collect And Deliver Interface For Woocommerce Project » Collect And Deliver Interface For Woocommerce » Version: Anycpe:2.3:a:collect_and_deliver_interface_for_woocommerce_project:collect_and_deliver_interface_for_woocommerce:*