Medium severity4.7NVD Advisory· Published Feb 2, 2023· Updated Jun 17, 2026
CVE-2022-2546
CVE-2022-2546
Description
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <7.63
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/f84920e4-a1fe-47cf-9ba5-731989c70f58nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.