CVE-2022-2171: Progressive License <= 1.1.0 - CSRF to Stored XSS

Vendor: Unknown
Product: Progressive License
Weakness: CWE-352 · CSRF
Published: August 1, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Progressive License WordPress plugin through 1.1.0 lacks any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, because the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to a Stored XSS issue that is triggered in the frontend as well.
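
The pattern described above, shown as an added example that is not the plugin's own code: a settings-save handler with no CSRF check beside a hardened form that verifies a nonce and filters the stored HTML. It assumes it runs inside WordPress; the option name `pl_license_html`, the action `pl_save`, the nonce field `pl_save_nonce`, the page slug `pl-settings` and all function names are hypothetical.

```php
<?php
// Hypothetical names throughout: pl_license_html, pl_save, pl_save_nonce, pl-settings.

// Pattern from the description: settings saved with no CSRF check,
// and the HTML value stored exactly as submitted.
function pl_save_settings_unsafe() {
    if ( isset( $_POST['pl_license_html'] ) ) {
        update_option( 'pl_license_html', wp_unslash( $_POST['pl_license_html'] ) );
    }
}

// Hardened handler: capability check, nonce verification, HTML filtering.
function pl_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies unless the request carries a valid nonce for this action.
    check_admin_referer( 'pl_save', 'pl_save_nonce' );

    $html = isset( $_POST['pl_license_html'] ) ? wp_unslash( $_POST['pl_license_html'] ) : '';
    // Keep only the tags and attributes WordPress allows in post content.
    update_option( 'pl_license_html', wp_kses_post( $html ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=pl-settings' ) );
    exit;
}
add_action( 'admin_post_pl_save', 'pl_save_settings_hardened' );

// Settings form: emits the nonce field that the handler verifies.
function pl_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pl_save">
        <?php wp_nonce_field( 'pl_save', 'pl_save_nonce' ); ?>
        <textarea name="pl_license_html"><?php echo esc_textarea( get_option( 'pl_license_html', '' ) ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Frontend output: filter again on display so values stored
// before the fix are neutralised as well.
function pl_render_license() {
    echo wp_kses_post( get_option( 'pl_license_html', '' ) );
}
```

Filtering on output as well as on save matters here because a value written through the unprotected handler stays in the database after the save path is fixed.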

Key dates

02 Disclosure timeline

August 1, 2022: CVE published
August 3, 2024: Record updated