Security Advisory

CVE-2022-1557

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-16 14:31:11

Last updated 2024-08-03 00:10:02

Assigner WPScan

State PUBLISHED

Description

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings

← Browse all CVEs View on cve.org ↗