{"id":"CVE-2022-1250","details":"The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue","modified":"2026-04-12T05:16:45.898585Z","published":"2022-05-02T16:15:08.837Z","references":[{"type":"ADVISORY","url":"https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"},{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gocodebox/lifterlms","events":[{"introduced":"0"},{"fixed":"3a67f0f62d79c7b2e9e198010edb740f69acbda6"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.4.0"}],"cpe":"cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*","source":"CPE_FIELD"}}],"versions":["1.0.0","1.1.1","1.2.4","1.2.5","1.2.6","1.3.0","1.3.10","1.3.2","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","v1.3.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1250.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}