CVE-2022-0209

CVE-2022-0209: Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Mitsol Social Post Feed

Weakness CWE-79 · XSS

Published June 13, 2022

Last update January 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

June 13, 2022 CVE published

January 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0209 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-23881 Stored Cross Site Scripting in ENS CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2026-25847 CVE-2021-36864 WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability CVE-2022-4271 Cross-site Scripting (XSS) - Reflected in osticket/osticket