CVE-2022-4519 Information
Dec 16, 2022
cve
Description
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to and including 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Reference
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223 https://wordpress.org/plugins/wp-user/#description
Share on: