CVE-2022-1990

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 43.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Nested PagesKylephillips Nested Pages
Timeline
PublishedJun 27
Latest updateJun 18

Description

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/nested_pages3.1.213.1.21

🔴Vulnerability Details

2
GHSA
GHSA-xqgh-cm65-m6gj: The Nested Pages WordPress plugin before 32022-06-28
CVEList
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting2022-06-27

📋Vendor Advisories

1
Red Hat
kernel: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data2025-06-18
CVE-2022-1990 (MEDIUM CVSS 4.8) | The Nested Pages WordPress plugin b | cvebase.io