CVE-2022-1387

CVE-2022-1387: No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product No Future Posts

Weakness CWE-79 · XSS

Published May 30, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Key dates

02Disclosure timeline

May 30, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1387 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-2395 weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting CVE-2025-22361 WordPress Opentracker Analytics Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-25362 WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability CVE-2024-3670 Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-12125 HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting