Traffic Manager by SedLex

Traffic Manager by SedLex <= 1.4.5 - Subscriber+ Stored XSS

LANACOMMONVDB ID: 1664739f-6222-4d8f-8348-981e94196c7e

The plugin does not authorisation and does not sanitize as well as escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting (XSS) attacks.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/traffic-manager/

CVE: CVE-2022-42460

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-13

Published: 2022-10-24

Affected Version: <= 1.4.5

Classification

Type: Cross-Site Scripting (XSS), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).