← back
CVE-2022-50970

WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Getaawp · WordPress Plugin AAWP
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50643unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://getaawp.com/https://www.exploit-db.com/exploits/50643https://www.vulncheck.com/advisories/wordpress-plugin-aawp-reflected-xss-via-tab-parameter