cleantalk
Vulnerabilities and Security Researches

Cab fare calculator, CVE-2022-3556

CVE, Research URL

CVE-2022-3556

Home page URL

Security reports for Cab fare calculator

Application

Cab fare calculator

Published on
Sep 05, 2024
Research Description
The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.1.6.
Status
vulnerable
Previous vulnerability researches
Cab fare calculator (CVE-2022-3556) , Sep 07, 2024
Cab fare calculator (CVE-2022-1391) , Jun 07, 2024
Cab fare calculator (CVE-2025-23982) , Jan 29, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025