The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-23T14:31:29.119Z

Updated: 2024-08-03T01:34:50.151Z

Reserved: 2022-12-06T13:08:27.743Z

Link: CVE-2022-4307

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-23T15:15:14.360

Modified: 2024-11-21T07:34:58.983

Link: CVE-2022-4307

cve-icon Redhat

No data.