Vulnerability Details CVE-2022-1557
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-1557
-
cpe:2.3:a:uleak-security-dashboard_project:uleak-security-dashboard:1.2.3