Medium severity6.1NVD Advisory· Published May 2, 2022· Updated Jun 17, 2026
CVE-2022-1250
CVE-2022-1250
Description
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/LifterLMS PayPal WordPress plugindescription
- Range: <1.4.0
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718nvdExploitThird Party Advisory
- make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/nvdVendor Advisory
News mentions
0No linked articles in our index yet.