CVE-2022-0684

CVE-2022-0684: WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product WP Home Page Menu

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0684 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-15283 Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters CVE-2024-39610 CVE-2024-8328 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS CVE-2024-20512 Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability CVE-2025-52842 Laundry 2.3.0 - Account Takeover via Reflected XSS