CVE-2022-2383
published 2022-08-22

Priority: P2 (78), medium
CVSS 3.1 base score: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
Exploited in the wild: listed in VulnCheck KEV
EPSS: 4.87% (91.0th percentile)
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Affected (2 ranges)

Vendor       Product                  Version range    Fixed in
github.com   migueldeicaza_swiftterm  >= 0, < 1.2.0    1.2.0
slickremix   feed_them_social         < 3.0.1          3.0.1

Detection & IOCs (extracted from sources)

URL: /?feed=fts&fts_dynamic_name=<script>alert(1)</script>
  • Reflected XSS via unsanitised parameter output in Feed Them Social plugin before 3.0.1; look for script injection in HTTP responses with Content-Type: text/html and HTTP 200 status.
  • The Nuclei template digest/signature is present, but the full parameter name and payload path are truncated in the source; the exact vulnerable parameter name is not fully disclosed in the provided sources.

CVSS provenance

Source      Version  Score  Severity  Vector
nvd         v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ghsa                 7.3    HIGH
vulncheck            6.1    MEDIUM