CVE-2022-1557

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings
References
Link Resource
https://wpscan.com/vulnerability/e2b6dbf5-8709-4a2c-90be-3214ff55ed56 Exploit Third Party Advisory
https://packetstormsecurity.com/files/166564/ Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:uleak-security-dashboard_project:uleak-security-dashboard:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-05-16 08:15

Updated : 2022-05-24 18:44


NVD link : CVE-2022-1557

Mitre link : CVE-2022-1557


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

uleak-security-dashboard_project

  • uleak-security-dashboard