[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLuBL7_eZj78LFQGaU0H8KA0-imHacXaPDY0f-EMEek0":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-7c4ceb2e-c718-43e2-bb7b-ab0404271134-passwords-manager","passwords-manager-cross-site-scripting-via-pwdmscsvcategory-parameter","Passwords Manager \u003C= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter","The Passwords Manager plugin is vulnerable to Cross-Site scripting via the pwdms_csv_category parameter in versions up to, and including, 1.4.4 due to insufficient sanitization and escaping. This makes it possible for administrators to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","passwords-manager",null,"\u003C=1.4.4","1.4.5","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-05-21 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7c4ceb2e-c718-43e2-bb7b-ab0404271134?source=api-prod",612]