← Back to CVE List
CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt