CVE-2022-1093

CVE-2022-1093: WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs

Vendor Unknown

Product WP Meta SEO

Weakness CWE-79 · XSS

Published May 23, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.

Key dates

02Disclosure timeline

May 23, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1093 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-56289 WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-4076 Slider Bootstrap Carousel <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering CVE-2023-28705 Openfind Mail2000 - XSS (Reflected Cross-site scripting)