CVE-2022-1436

Name of the Vulnerable Software and Affected Versions WPCargo Track & Trace WordPress plugin versions prior to 6.9.5

Description The issue concerns a reflected Cross-Site Scripting attack. Attackers could exploit this by manipulating the wpcargo tracking number parameter, which is not properly sanitized and escaped before being outputted back on the page. This could allow attackers to perform reflected Cross-Site Scripting attacks.

Recommendations For versions prior to 6.9.5, update to version 6.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpcargo tracking number parameter to minimize the risk of exploitation.