CVE-2022-1216

CVE-2022-1216: Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

Vendor Unknown
Product Advanced Image Sitemap
Weakness CWE-79 · XSS
Published May 16, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-4500 Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-54253 WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-51925 WordPress Testimonial Slider Shortcode plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-45759 WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)