cleantalk
Vulnerabilities and Security Researches

WP Voting Contest Lite, CVE-2022-0321

CVE, Research URL

CVE-2022-0321

Home page URL

Security reports for WP Voting Contest Lite

Application

WP Voting Contest Lite

Published on
Mar 14, 2022
Research Description
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
Affected versions
Min -, max 3.0.
Status
vulnerable
Previous vulnerability researches
WP Voting Contest Lite (CVE-2022-0321) , Jun 07, 2024
WP Voting Contest Lite (CVE-2025-50017) , Jun 25, 2025
New vulnerability
EWWW Image Optimizer , Jun 25, 2025
eDS Responsive Menu (CVE-2025-49971) , Jun 25, 2025
Live Sports Streamthunder (CVE-2025-49967) , Jun 25, 2025
WP Voting Contest Lite (CVE-2025-50017) , Jun 25, 2025
Automatically Hierarchic Categories in Menu (CVE-2025-50048) , Jun 24, 2025