CVE-2022-0598
Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
01 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected products
Unknown · Login with phone number