CVE-2022-28290 – WordPress Country Selector <= 1.6.5 - Reflected Cross-Site Scripting via AJAX call of check_country_selector

https://notcve.org/view.php?id=CVE-2022-28290

30 Mar 2022 — Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request Una vulnerabilidad de tipo Cross-Site Scripting reflectante en el plugin Country Selector de WordPress versión 1.6.5. La carga útil de tipo XSS es ejecutada cada vez que el usuario intenta acceder a la página del selector de países con el payload especificado como parte d... • https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •