← back
CVE-2022-0201

Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting

EPSS 3.4%CWE-79
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
Affected products
Maciej Bis · Permalink Manager LiteMaciej Bis · Permalink Manager Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/2656512https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4