CVE-2022-1906
MEDIUM NUCLEICopyright Proof WordPress Plugin < 4.16 - Reflected Cross-Site Scripting via AJAX Action Parameter
Title source: llmExploitation Summary
CVE-2022-1906 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
Nuclei Templates (1)
WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
MEDIUMVERIFIEDby random-robbie
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338
Scores
CVSS v3
6.1
EPSS
0.0092
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
digiprove/copyright_proof
< 4.16
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026