WordPress Simple Theme Options plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability

2022-02-2100:00:00

fuzzyap1

patchstack.com

wordpress

simple theme options

plugin

cross-site scripting

xss

vulnerability

fuzzyap1

deactivate

delete

EPSS

0.001

Percentile

24.8%

JSON

Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Simple Theme Options plugin (versions <= 1.6).

Solution

Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0700

wordpress.org/plugins/simple-theme-options/

wpscan.com/vulnerability/1bf1f255-1571-425c-92b1-02833f6a44a7

EPSS

0.001

Percentile

24.8%

JSON

Related for PATCHSTACK:2465EA752E432C1872F7D4C8A3598316