CVE-2022-2799

CVE-2022-2799: Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Affiliates Manager

Weakness CWE-79 · XSS

Published September 16, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

September 16, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2799

Related vulnerabilities

04Related CVE

CVE-2024-13675 SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-35012 Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter CVE-2026-10510 GeniexWebView XSS in com.transsion.aiassistantlifestyle CVE-2024-11427 Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51898 WordPress Semantic Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability