{"uuid": "92e3c93b-e524-46ce-a85f-b85030de5fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4307", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4307\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The \u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062e\u062a \u062f\u0644\u062e\u0648\u0627\u0647 WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.\n\ud83d\udccf Published: 2023-01-23T14:31:29.119Z\n\ud83d\udccf Modified: 2025-04-02T15:24:55.434Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/4000ba69-d73f-4c5b-a299-82898304cebb", "creation_timestamp": "2025-04-02T15:33:27.000000Z"}