CVE-2022-2391

CVE-2022-2391: Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown
Product Inspiro PRO
Weakness CWE-79 · XSS
Published August 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 3, 2024 Record updated