CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:google_places_reviews_project:google_places_reviews:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-06-13 06:15

Updated : 2022-06-21 10:39


NVD link : CVE-2022-1772

Mitre link : CVE-2022-1772


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

google_places_reviews_project

  • google_places_reviews