← back
CVE-2022-1557

ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting

EPSS 1.1%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 May 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →