CVE Published: 17/07/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: WPScan |
Vendor: Unknown |
Product: CDI – Collect and Deliver Interface for Woocommerce Status : PUBLISHED
CVE-2022-1933 Description
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting