CVE-2022-1549

CVE-2022-1549: WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting

Vendor Unknown
Product WP Athletics
Weakness CWE-79 · XSS
Published June 13, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.

Key dates

02Disclosure timeline

June 13, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting CVE-2022-47589 WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS) CVE-2023-0112 Cross-site Scripting (XSS) - Stored in usememos/memos CVE-2025-67630 WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-51604 WordPress Media Modal plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability