PT-2022-20415 · WordPress · Wp Total Hacks

Daniel Ruf · Published 2022-10-31 · Updated 2025-05-06 · CVE-2022-3096

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WP Total Hacks WordPress plugin versions through 4.7.2

Description: The issue allows low-privilege users to modify the plugin's settings, potentially leading to Stored Cross-Site Scripting attacks against other users, including administrators, due to the lack of sanitisation and escaping.

Recommendations: Update the WP Total Hacks WordPress plugin from versions through 4.7.2 to a version that addresses the issue of low-privilege users modifying plugin settings, to prevent Stored Cross-Site Scripting attacks.

Exploit

Fix

Missing Authorization

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-3096

Affected Products: Wp Total Hacks