Unrated severityNVD Advisory· Published Mar 14, 2022· Updated Aug 2, 2024

WP Voting Contest < 3.0 - Reflected Cross-Site Scripting

CVE-2022-0321

Description

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue

Affected products

Unknown/Wp Voting Contestv5
Range: 3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/286b81a0-6f6d-4024-9bbc-6cb373990a7amitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000