← Back

Awin Data Feed

awin_data_feed

Vendor: Awin • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-1938
1Awin
1Awin Data Feed
Nov 21, 2024
Jul 11, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks again...Show more
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settingsShow less
CVE-2022-1937
1Awin
1Awin Data Feed
Nov 21, 2024
Jul 11, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cro...Show more
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site ScriptingShow less