Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
CVE-2022-0625

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Admin Menu Editor
Vendor
CVE Published:
9 May 2022

What is CVE-2022-0625?

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Affected Version(s)

Admin Menu Editor 1.0.4

References

https://wpscan.com/vulnerability/ec5c331c-fb74-4ccc-a4d4-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ran Crane
.