CVE-2022-1990

CVE-2022-1990: Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting

Vendor Unknown

Product Nested Pages

Weakness CWE-79 · XSS

Published June 27, 2022

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

Key dates

02Disclosure timeline

June 27, 2022 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1990 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-31805 WordPress Gutena Kit plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability CVE-2026-0835 CVE-2021-36873 WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter CVE-2018-0201