CVE-2022-50970

Description

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users.

References

• https://getaawp.com/
• https://www.exploit-db.com/exploits/50643
• https://www.vulncheck.com/advisories/wordpress-plugin-aawp-reflected-xss-via-tab-parameter