CVE-2022-1644

CVE-2022-1644: Call&Book Mobile Bar <= 1.2.2 - Admin+ Stored Cross Site Scripting

Vendor Unknown
Product Call&Book Mobile Bar
Weakness CWE-79 · XSS
Published May 30, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Key dates

02Disclosure timeline

May 30, 2022 CVE published
August 3, 2024 Record updated