PT-2022-14968 · WordPress · The Very Simple Breadcrumb
Rahul Selvakumar
·
Published
2022-07-17
·
Updated
2022-07-18
·
CVE-2022-2149
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Very Simple Breadcrumb WordPress plugin through 1.0
Description
The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of its settings. This is possible even when the unfiltered html capability is disallowed.
Recommendations
For The Very Simple Breadcrumb WordPress plugin through 1.0, update to a version that properly sanitizes and escapes its settings to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrative access to trusted users only until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Very Simple Breadcrumb