Medium severity6.1NVD Advisory· Published May 16, 2022· Updated Jun 17, 2026
CVE-2022-1436
CVE-2022-1436
Description
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WPCargo Track & Tracedescription
- Range: <6.9.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/d5c6f894-6ad1-46f4-bd77-17ad9234cfc3nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.