Vulnerabilities > CVE-2022-0640 - Unspecified vulnerability in Wpdevart Pricing Table Builder

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpdevart

NVD

Published: 2022-03-21

Updated: 2024-11-21

Summary

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Vulnerable Configurations

Part	Description	Count
Application	Wpdevart Wpdevart Pricing Table Builder *	1

References

https://plugins.trac.wordpress.org/changeset/2684253
https://plugins.trac.wordpress.org/changeset/2684253
https://wpscan.com/vulnerability/f8405e06-9cf3-4acb-aebb-e80fb402daa9
https://wpscan.com/vulnerability/f8405e06-9cf3-4acb-aebb-e80fb402daa9