CVE-2022-2384

CVE-2022-2384: Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Digital Publications by Supsystic

Weakness CWE-79 · XSS

Published August 15, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

August 15, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2384 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-5286 SourceCodester Expense Tracker App Category add_category.php cross site scripting CVE-2022-40183 Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000 CVE-2020-11025 Authenticated cross-site scripting (XSS) in WordPress Customizer CVE-2023-48521 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML