CVE-2022-1027

CVE-2022-1027: Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Page Restriction WordPress (WP) – Protect WP Pages/Post

Weakness CWE-79 · XSS

Published April 25, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.

Key dates

02Disclosure timeline

April 25, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1027

Related vulnerabilities

04Related CVE

CVE-2025-10165 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-8101 Stored XSS in aimhubio/aim CVE-2022-1726 Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table CVE-2024-53737 WordPress WP Mailster plugin <= 1.8.16.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-43735