CVE-2022-1994

CVE-2022-1994: Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Login With OTP Over SMS, Email, WhatsApp and Google Authenticator

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1994 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-47629 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-52830 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-1172 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability CVE-2025-57954 WordPress Poll Maker Plugin <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability