CVE-2022-1566

CVE-2022-1566: Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Quotes llama

Weakness CWE-79 · XSS

Published May 30, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

Key dates

02Disclosure timeline

May 30, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1566

Related vulnerabilities

04Related CVE

CVE-2025-12065 WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-47673 WordPress Post Pay Counter Plugin <= 2.784 is vulnerable to Cross Site Scripting (XSS) CVE-2023-29027 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack CVE-2025-24764 WordPress (Simply) Guest Author Name plugin <= 4.36 - Cross Site Scripting (XSS) Vulnerability CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability