CVE-2022-0649

CVE-2022-0649: Adrotate < 5.8.23 - Admin+ XSS via Group Name

Vendor Unknown

Product AdRotate – Ad manager & AdSense Ads

Weakness CWE-79 · XSS

Published May 2, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

May 2, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0649 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-38351 OSD Subscribe <= 1.2.3 Reflected Cross-Site Scripting CVE-2023-45637 WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) CVE-2023-53155 CVE-2022-2701 SourceCodester Simple E-Learning System claire_blake cross site scripting CVE-2024-12520 Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting