216.73.217.64

CVE-2022-50970

· Published 10/05/2026 13:16 · Modified 10/05/2026 13:16

Labels: CVE-2022-50970 2026-05-10CVE-2022-50970CWE-79[email protected]

Essential information

Published
10/05/2026 13:16
Modified
10/05/2026 13:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / aawp cpe:2.3:a:wordpress:aawp:*:*:*:*:*:wordpress:*:*

References