CVE-2022-1028

CVE-2022-1028: WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product WordPress Security – Firewall, Malware Scanner, Secure Login and Backup

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1028

Related vulnerabilities

CVE-2022-1028: WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

01Description

02Disclosure timeline

03References

04Related CVE