Vulnerabilities > CVE-2022-1938 - Unspecified vulnerability in Awin Data Feed 1.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |