Unrated severityNVD Advisory· Published Mar 14, 2022· Updated Aug 2, 2024
WP Voting Contest < 3.0 - Reflected Cross-Site Scripting
CVE-2022-0321
Description
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.0+ 1 more
- (no CPE)range: <3.0
- (no CPE)range: 3.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/286b81a0-6f6d-4024-9bbc-6cb373990a7amitrex_refsource_MISC
News mentions
0No linked articles in our index yet.