CVE-2022-1266

CVE-2022-1266: Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS

Vendor Unknown

Product Post Grid, Slider & Carousel Ultimate

Weakness CWE-79 · XSS

Published June 20, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

June 20, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1266

Related vulnerabilities

04Related CVE

CVE-2025-60000 Junos Space: Generate Report page is vulnerable to reflected cross-site script injection CVE-2021-26263 CVE-2022-29432 WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities CVE-2025-23611 WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-21284 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)