Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
CVE-2022-1027

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Page Restriction WordPress (WP) – Protect WP Pages/post
Vendor: CVE Published:; 25 April 2022

Summary

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.

Affected Version(s)

Page Restriction WordPress (WP) – Protect WP Pages/Post 1.2.7

References

https://wpscan.com/vulnerability/9dbb0d6d-bc84-4b85-8aa5-...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 25, 2022
Vulnerability Reserved
Mar 18, 2022

Credit

Niraj Mahajan