CVE-2022-1250

medium

Description

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

References

https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718

https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/

Details

Source: Mitre, NVD

Published: 2022-05-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0115