CVE-2022-1763

CVE-2022-1763: Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS

Vendor Unknown

Product Static Page eXtended

Weakness CWE-352 · CSRF

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1763 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-13510 ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services CVE-2023-45753 WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2020-36741 MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter