CVE-2022-0150

MEDIUM NUCLEI

WP Accessibility Helper <0.6.0.7 - XSS

Title source: llm

Description

The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue

Nuclei Templates (1)

WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting

MEDIUMby dhiyaneshDK

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5

[Release Notes, Third Party Advisory] https://plugins.trac.wordpress.org/changeset/2661008

Scores

CVSS v3 6.1

EPSS 0.0113

EPSS Percentile 78.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wp_accessibility_helper_project/wp_accessibility_helper < 0.6.0.7

Published Feb 28, 2022

Tracked Since Feb 18, 2026