CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-1938

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/70aed824-c53e-4672-84c9-039dc34ed5fa
https://wpscan.com/vulnerability/70aed824-c53e-4672-84c9-039dc34ed5fa

Products affected by CVE-2022-1938

Awin » Awin Data Feed » Version: 1.6

cpe:2.3:a:awin:awin_data_feed:1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1938

Products

Pricing

Contact Us