CVE-2022-28290
Published 2022-04-25
CVE-2022-28290: Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access…
Priority P179 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.41% (69.3th percentile)
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| welaunch | wordpress_country_selector | — | — |
Detection & IOCs (extracted from sources)
sigma
nuclei template matching cookie 'country_selector_' in WordPress Country Selector plugin
- Reflected XSS triggers when a user accesses the country selector page with a malicious payload in the HTTP request; monitor GET/POST requests to the country selector page for script injection patterns in parameters.
- Detect presence of the WordPress Country Selector plugin (version 1.6.5) by identifying the 'country_selector_' cookie in HTTP traffic; a 200 OK response with text/html content-type alongside this cookie indicates a potentially vulnerable instance.
- The vulnerability is specific to WordPress Country Selector Plugin Version 1.6.5; other versions may not be affected.
CVSS provenance
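| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 6.1 | MEDIUM | — |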
GHSA
GHSA-wmqq-3wjj-mg5p: Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1
ghsa_unreviewed·2022-04-26
CVE-2022-28290 [MEDIUM] CWE-79 GHSA-wmqq-3wjj-mg5p: Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1
VulnCheck
welaunch wordpress_country_selector Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2022·CVSS 6.1
CVE-2022-28290 [MEDIUM] welaunch wordpress_country_selector Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected: welaunch wordpress_country_selector
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-05-16&host_type=src&vulnerability=cve-2022-28290
No detection rules found.
Nuclei
WordPress Country Selector <1.6.6 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-28290 [MEDIUM] WordPress Country Selector <1.6.6 - Cross-Site Scripting
WordPress Country Selector '
```yaml
      - 'country_selector_'
    condition: and
  - type: word
    part: header
    words:
      - text/html
  - type: status
    status:
      - 200
# digest: 4b0a00483046022100b021dfc76feac4613e2e87c62c3dfadffba8c9dcf461f2f43f598ae15c0aafa302210086c3d4cf36123b2b46968a707ccd6aa4cca5b0cb590e65d6c4771ab8f8bab2bc:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
2022-04-25
Published
Exploited in the wild