Vulnerabilities > CVE-2022-0643 - Unspecified vulnerability in Bank Mellat Project Bank Mellat 1.0/1.3.5/1.3.7

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
bank-mellat-project

Summary

The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.