Advanced Admin Search <= 1.1.5 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2022-05-16

The Advanced Admin Search WordPress plugin through 1.1.2 does not sanitize and escape some parameters before outputting them back in an admin page, leading to Reflected Cross-Site Scripting.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-0626

CVSS

Score:4.8

Severity:Medium

Version: 1.1.5

There is a patch available in v1.1.6 and we strongly recommend you update to this version as soon as possible.