What is CVE-2022-0201?

CVE-2022-0201 is a medium-severity vulnerability in Maciej Bis Permalink Manager Lite, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2022-02-14.

How severe is CVE-2022-0201?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Is CVE-2022-0201 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Maciej Bis Permalink Manager Lite

CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.034 (87.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Maciej Bis Permalink Manager Lite — versions 2.2.15
Maciej Bis Permalink Manager Pro — versions 2.2.15
Permalink_manager_lite_project Permalink_manager_lite
Permalink_manager_project Permalink_manager

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

contact@wpscan.com (Exploit, Third Party Advisory, x_refsource_MISC)
contact@wpscan.com (x_refsource_CONFIRM, Patch, Third Party Advisory)

Frequently asked questions

What is CVE-2022-0201?: CVE-2022-0201 is a medium-severity vulnerability in Maciej Bis Permalink Manager Lite, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2022-02-14.
How severe is CVE-2022-0201?: Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2022-0201 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.