Headline
CVE-2022-44591: WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress.
Verified
Fixed
4.8
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 0.8.0
PSID
0dd4cb0840dd
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-11-17
Details
Auth. Stored Cross-Site Scripting (XSS) vulnerability by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance) in the WordPress Anthologize plugin (versions <= 0.8.0).
Solution
Update the WordPress Anthologize plugin to the latest available version (at least 0.8.1).
References