CVE-2022-2001

Name of the Vulnerable Software and Affected Versions DX Share Selection plugin for WordPress versions up to, and including 1.4

Description The issue is due to missing nonce protection on the dxss admin page() function found in the ~/dx-share-selection.php file, making it possible for unauthenticated attackers to inject malicious web scripts into the page. This can happen if an attacker can trick a site's administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including 1.4, consider disabling the dxss admin page() function until a patch is available to prevent exploitation. Restrict access to the ~/dx-share-selection.php file to minimize the risk of malicious script injection. Avoid performing actions that could be triggered by an attacker, such as clicking on suspicious links, to reduce the risk of exploitation.