CVE-2022-0201

MEDIUM NUCLEI

Permalink Manager Lite/Pro <2.2.15 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-0201 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue

Nuclei Templates (1)

WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
MEDIUMby Akincibor

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2656512

Scores

CVSS v3 6.1
EPSS 0.0337
EPSS Percentile 87.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
permalink_manager_lite_project/permalink_manager_lite < 2.2.15
permalink_manager_project/permalink_manager < 2.2.15
Published Feb 14, 2022
Tracked Since Feb 18, 2026