CVE-2022-1906
Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting
Vexday Risk Score
18 (Low)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS — · EPSS 0.9% · KEV no · PoC — · Nuclei yes · Metasploit — · Patch —
Lifecycle
01 Aug 2022: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
Affected products
Unknown · Copyright Proof