CVE-2022-1904 Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in the Easy Pricing Tables plugin for WordPress, which affects versions before 3.2.1.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -
The Easy Pricing Tables plugin for WordPress is a popular tool used by website owners to create and display responsive pricing tables on their websites. The plugin offers a range of customization options, including different designs, layouts and pricing plans. With the Easy Pricing Tables plugin, website owners can easily create professional-looking pricing tables that help to improve the user experience and conversions on their website.
However, the plugin has recently been found to contain a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2022-1904. The cause is the plugin’s failure to sanitize and escape parameters before outputting them in a page. As a result, any user, whether authorized or not, can exploit the vulnerability by injecting malicious code into the plugin’s parameters, which leads to unwanted scripts executing in a user’s browser.
The exploitation of this vulnerability can have severe consequences for websites that use the Easy Pricing Tables plugin. Hackers can use this opportunity to steal sensitive information, such as users’ login credentials; execute phishing attacks; or even take over a website entirely. The vulnerability can also result in the installation of malware on users’ devices, leading to additional security risks and damage.
In conclusion, website owners need to be aware of the potential risks posed by vulnerabilities in their digital assets. Fortunately, platforms such as s4e.io offer pro features that can be used to quickly identify and mitigate such vulnerabilities. By using these features, website owners can ensure that their digital assets remain secure and free from attacks.
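An asset owner can check an installed copy against the affected range stated above (versions before 3.2.1) by reading the `Version:` field of the plugin's header. The following is an added example, not code from the plugin or from the scanner; the sample header text is constructed for illustration.

```python
import re

# From the page: versions before 3.2.1 are affected.
FIXED_VERSION = (3, 2, 1)

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_HEADER = """\
/*
Plugin Name: Easy Pricing Tables
Version: 3.1.9
*/
"""

# A header field may be preceded by comment characters such as " * ".
_VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)",
                           re.IGNORECASE | re.MULTILINE)


def parse_version(header_text):
    """Return the Version field as a tuple of ints, or None if absent or not numeric."""
    match = _VERSION_LINE.search(header_text)
    if not match:
        return None
    # Keep the leading dotted-numeric part; a suffix such as "-beta" is ignored.
    numeric = re.match(r"\d+(?:\.\d+)*", match.group(1))
    if not numeric:
        return None
    return tuple(int(part) for part in numeric.group(0).split("."))


def is_affected(header_text):
    """True if the version is before 3.2.1, False if not, None if it is unknown."""
    version = parse_version(header_text)
    if version is None:
        return None  # unknown: treat as "needs manual review", not as safe
    # Pad short versions so that 3.2 is compared as 3.2.0.
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    # Tuple comparison is numeric per component, so 3.10.0 is not below 3.2.1.
    return padded < FIXED_VERSION


if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_HEADER))
```

A result of `None` means the version could not be read and the installation should be reviewed by hand.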