CVE-2022-1569

CVE-2022-1569: WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!

Weakness CWE-79 · XSS

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1569

Related vulnerabilities

04Related CVE

CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead CVE-2024-11881 Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs CVE-2025-69085 WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer