QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-3096

Back to search

CVE-2022-3096

Published: Oct 31, 2022

Modified: May 6, 2025

PUBLISHED

Description

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well.

VendorProductVersions

Unknown

WP Total Hacks

affected
4.7.2 - <= 4.7.2

Weaknesses (CWE)

CWE-862
CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now