CVE-2022-1095

CVE-2022-1095: Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Mihdan: No External Links
Weakness CWE-79 · XSS
Published June 27, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

June 27, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-45050 Reflected XSS in Axiell Iguana CMS CVE-2024-25695 concatenated errors resulting in cross site scripting and frame injection issues. CVE-2021-24176 JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2025-53297 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability