Headline
CVE-2022-26375: WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.
Verified
Not fixed
4.8
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 1.1.1
PSID
4cad9e9947bf
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-10-12
Details
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress AB Press Optimizer plugin (versions <= 1.1.1).
Solution
No patched version is available. No reply from the vendor.
References