CVE-2022-1557

CVE-2022-1557: ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting

Vendor Unknown
Product ULeak Security & Monitoring Plugin
Weakness CWE-79 · XSS
Published May 16, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget CVE-2024-36175 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2022-2532 Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting CVE-2024-52344 WordPress Provide Forex Signals plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2020-3356 Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability