WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
CVE-2022-0150

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Accessibility Helper (WAH)
Vendor: CVE Published:; 28 February 2022

Summary

The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue

Affected Version(s)

WP Accessibility Helper (WAH) 0.6.0.7

References

https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2661008

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 28, 2022
Vulnerability Reserved
Jan 7, 2022

Credit

Krzysztof Zając