CVE-2022-1557

Name of the Vulnerable Software and Affected Versions ULeak Security & Monitoring WordPress plugin versions prior to 1.2.4

Description The issue concerns a lack of authorization and CSRF checks when updating settings, as well as insufficient sanitization and escaping in certain settings. This could allow authenticated users, such as subscribers, to perform Stored Cross-Site Scripting attacks against administrators viewing the settings.

Recommendations For ULeak Security & Monitoring WordPress plugin versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings update functionality to minimize the risk of exploitation.