CVE-2022-0422

MEDIUM NUCLEI

White Label CMS <2.2.9 - XSS

Title source: llm

Description

The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue

Nuclei Templates (1)

WordPress White Label CMS <2.2.9 - Cross-Site Scripting

MEDIUMby random-robbie

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc

[Patch, Third Party Advisory] https://plugins.trac.wordpress.org/changeset/2672615

Scores

CVSS v3 6.1

EPSS 0.0734

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

videousermanuals/white_label_cms < 2.2.9

Published Mar 07, 2022

Tracked Since Feb 18, 2026