CVE-2022-1250

Source
https://cve.org/CVERecord?id=CVE-2022-1250
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1250.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1250
Published
2022-05-02T16:05:50Z
Modified
2026-07-15T01:49:03.655936782Z
Summary
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
Details

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1250.json",
    "cna_assigner": "WPScan",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.4.0"
                },
                {
                    "last_affected": "1.4.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "1.4.0"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/gocodebox/lifterlms

Affected ranges

Type
GIT
Repo
https://github.com/gocodebox/lifterlms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.0
1.1.1
1.2.4
1.2.5
1.2.6
1.3.0
1.3.10
1.3.2
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
v1.*
v1.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1250.json"