CVE-2022-0674

CVE-2022-0674: Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Kunze Law

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0674

Related vulnerabilities

04Related CVE

CVE-2025-31021 WordPress Mobile Smart plugin <= v1.3.16 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-31568 WordPress LeadLab by wiredminds plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-41591 Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping CVE-2024-51825 WordPress Alert Me! plugin <= 0.4.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-40604 WordPress Cookies by JM Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)