CVE-2022-1549

Name of the Vulnerable Software and Affected Versions WP Athletics WordPress plugin versions 1.1.7 and earlier

Description The issue arises from the plugin's failure to sanitize parameters before storing them in the database and not escaping the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting issue. This allows malicious scripts to be stored and executed, potentially affecting the security of the WordPress installation.

Recommendations For WP Athletics WordPress plugin versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.