CVE-2022-1336

CVE-2022-1336: Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Carousel CK

Weakness CWE-79 · XSS

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1336 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings CVE-2022-1104 Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting CVE-2025-32634 WordPress Run Contests, Raffles, and Giveaways plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-41831 WordPress Glossary Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-46987 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)