PT-2022-7179 · WordPress · Flatpm

Cydave · Published 2022-12-12 · Updated 2023-02-27 · CVE-2022-3934

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: FlatPM WordPress plugin versions prior to 3.0.13

Description: The vulnerability stems from missing output encoding. Certain request parameters are neither sanitized nor escaped before being written back into the generated page, so a remote attacker can craft a link that injects script into the response, i.e. reflected cross-site scripting. Because the injected script runs in the browser of whoever opens the link, the flaw can be used against high-privilege users such as administrators, whose authenticated session the script then acts in.

Recommendations: For versions prior to 3.0.13, update to version 3.0.13 or later to resolve the issue. As a temporary workaround, restrict access to the plugin's pages to trusted users to minimize the risk of exploitation, and do not follow links into the affected pages from untrusted sources until the update is applied.
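The pattern the description refers to, shown as an added example rather than FlatPM's own code: a hypothetical WordPress admin page that echoes request parameters unescaped (the vulnerable form), followed by the same page hardened with input sanitization, an allow-list for the view selector, and context-specific output escaping. It assumes WordPress is loaded; the page slug `hypo-plugin`, the parameter names `tab` and `s`, and the function names are all hypothetical.

```php
<?php
/**
 * Added example (not FlatPM code). Hypothetical admin page of a WordPress
 * plugin: first the reflected-XSS pattern, then the hardened form.
 * Assumes WordPress is loaded; slug, parameter and function names are made up.
 */

// --- Vulnerable form: request parameters written back to the page as-is ---------
function hypothetical_render_vulnerable() {
    // $_GET is attacker-controlled. A link such as
    //   wp-admin/admin.php?page=hypo-plugin&tab=<img src=x onerror=alert(1)>
    // sent to a logged-in administrator runs script in the admin's session.
    $tab    = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
    $search = isset( $_GET['s'] )   ? $_GET['s']   : '';

    echo '<h2>Settings: ' . $tab . '</h2>';                          // HTML body context, unescaped
    echo '<input type="text" name="s" value="' . $search . '">';     // attribute context, unescaped
}

// --- Hardened form: sanitize on input, allow-list selectors, escape per context ---
function hypothetical_render_hardened() {
    // Only users who may manage options should reach the page at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'hypo-plugin' ) );
    }

    // A parameter that selects a view is compared against the known set, never echoed.
    $allowed_tabs = array( 'general', 'display', 'advanced' );
    $tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'general';
    if ( ! in_array( $tab, $allowed_tabs, true ) ) {
        $tab = 'general';
    }

    // Free text: strip tags and control characters on the way in,
    // then escape for the exact output context on the way out.
    $search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';

    echo '<h2>Settings: ' . esc_html( $tab ) . '</h2>';                        // HTML body: esc_html()
    echo '<input type="text" name="s" value="' . esc_attr( $search ) . '">';   // attribute: esc_attr()

    // URLs assembled from request data get esc_url(); add_query_arg() alone does not escape.
    $link = add_query_arg(
        array( 'page' => 'hypo-plugin', 'tab' => $tab ),
        admin_url( 'admin.php' )
    );
    echo '<a href="' . esc_url( $link ) . '">' . esc_html__( 'Reload', 'hypo-plugin' ) . '</a>';
}
```

The point of the split is that sanitization alone is not the fix: `sanitize_text_field()` does not know where the value will land, so each `echo` still needs the escaping function for its context (`esc_html()`, `esc_attr()`, `esc_url()`). Values that only ever select among known options, like `tab`, should be allow-listed rather than escaped, since then nothing attacker-chosen reaches the page at all.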

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2023-08733
CVE-2022-3934

Affected Products

Flatpm