Awin Data Feed vulnerabilities
2 known vulnerabilities affecting awin/awin_data_feed.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2022-1937 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 1.8 | 2022-07-11
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
Source: NVD
CVE-2022-1938 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.8 | 2022-07-11
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing a request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged-in admin viewing the plugin's settings.
Source: NVD