What is the severity of CVE-2022-1028?

CVE-2022-1028 has a severity rating of 4.8, which is considered medium.

How does CVE-2022-1028 affect the plugin?

CVE-2022-1028 affects the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before version 4.2.1 by allowing malicious users with administrator privileges to store and execute malicious JavaScript code.

How can the vulnerability be exploited?

The vulnerability in CVE-2022-1028 can be exploited through Cross-Site Scripting attacks when unfiltered_html is not properly sanitized and escaped by the plugin.

Vulnerability/
CVE-2022-1028

medium

4.8

CWE

27/6/2022

2/8/2024

CVE-2022-1028: WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

Q: What is CVE-2022-1028?

CVE-2022-1028 is a vulnerability in the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before version 4.2.1.

Q: How can I fix CVE-2022-1028?

To fix CVE-2022-1028, it is recommended to update the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin to version 4.2.1 or later.

First published: Mon Jun 27 2022(Updated: )

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
MiniOrange WordPress Security	<4.2.1

Never miss a vulnerability like this again

Reference Links

https://wpscan.com/vulnerability/16fc08ec-8476-4f3c-93ea-6a51ed880dd5

Frequently Asked Questions

What is CVE-2022-1028?
CVE-2022-1028 is a vulnerability in the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before version 4.2.1.
What is the severity of CVE-2022-1028?
CVE-2022-1028 has a severity rating of 4.8, which is considered medium.
How does CVE-2022-1028 affect the plugin?
CVE-2022-1028 affects the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before version 4.2.1 by allowing malicious users with administrator privileges to store and execute malicious JavaScript code.
How can the vulnerability be exploited?
The vulnerability in CVE-2022-1028 can be exploited through Cross-Site Scripting attacks when unfiltered_html is not properly sanitized and escaped by the plugin.
How can I fix CVE-2022-1028?
To fix CVE-2022-1028, it is recommended to update the WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin to version 4.2.1 or later.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/references
agent/title
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/miniorange
canonical/miniorange wordpress security

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.