CVE-2022-1643

CVE-2022-1643: Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting

Vendor Unknown

Product Birthdays Widget

Weakness CWE-79 · XSS

Published May 30, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

May 30, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1643 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-8681 Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component CVE-2022-22182 Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web session CVE-2025-25191 Group-Office has a Stored XSS Vulnerability via user's name field CVE-2024-33985 Cross-Site Scripting (XSS) vulnerability in Janobe products CVE-2024-51706 WordPress UW Freelancer plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability