Lucene search
WPScanCVELIST:CVE-2022-4200HistoryJan 02, 2023 - 9:49 p.m.
CVE-2022-4200 Login with Cognito <= 1.4.8 - Admin+ Stored XSS
2023-01-0221:49:34
WPScan
www.cve.org
1
cve-2022-4200; login with cognito; stored xss; wordpress plugin; stored cross-site scripting; multisite setup; high privilege users; admin
The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CNA Affected
[
{
"vendor": "Unknown",
"product": "Login with Cognito",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.4.8"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Login with Cognito < 1.4.9 - Admin+ Stored XSS
2022-12-07 00:00:00
nvd
nvd
CVE-2022-4200
2023-01-02 22:15:16
cve
cve
CVE-2022-4200
2023-01-02 22:15:16
wpexploit
wpexploit
Login with Cognito < 1.4.9 - Admin+ Stored XSS
2022-12-07 00:00:00
prion
prion
Cross site scripting
2023-01-02 22:15:00
nessus
nessus
Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)
2024-05-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00