S4E

CVE-2022-1904 Scanner

Detects a Cross-Site Scripting (XSS) vulnerability in the Easy Pricing Tables plugin for WordPress, affecting versions before 3.2.1.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

The Easy Pricing Tables plugin for WordPress is a popular tool used by website owners to create and display responsive pricing tables on their websites. The plugin offers a range of customization options, including different designs, layouts and pricing plans. With the Easy Pricing Tables plugin, website owners can easily create professional-looking pricing tables that help to improve the user experience and conversions on their website.

However, the plugin has recently been found to contain a vulnerability that exposes users to reflected Cross-Site Scripting. This vulnerability, tracked as CVE-2022-1904, stems from the plugin’s failure to sanitize and escape parameters before outputting them in a page. As a result, any user, whether authorized or not, can exploit it by injecting malicious code into the plugin’s parameters, leading to the execution of unwanted scripts in a user’s browser.

The exploitation of this vulnerability can have severe consequences for websites that use the Easy Pricing Tables plugin. Hackers can use this opportunity to steal sensitive information, such as users’ login credentials; execute phishing attacks; or even take over a website entirely. The vulnerability can also result in the installation of malware on users’ devices, leading to additional security risks and damage.

In conclusion, website owners need to be aware of the potential risks posed by vulnerabilities in their digital assets. Fortunately, platforms such as s4e.io offer pro features that can be used to quickly identify and mitigate such vulnerabilities. By using these features, website owners can ensure that their digital assets remain secure and free from attacks.

 
