CVE-2022-2341

CVE-2022-2341: Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Simple Page Transition

Weakness CWE-79 · XSS

Published July 25, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

July 25, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2341 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-7314 Nagios XI < 5.11.3 XSS via Bandwidth Report CVE-2024-29098 WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field CVE-2024-22293 WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS) CVE-2024-29107 WordPress Elementor Addon Elements plugin <= 1.12.10 - Cross Site Scripting (XSS) vulnerability