CVE-2022-44594: WordPress All in One Time Clock Lite Plugin <= 1.3.320 is vulnerable to Cross Site Scripting (XSS)
First published: Sun Apr 23 2023(Updated: )
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress All in One Time Clock Lite | <1.3.321 |
Remedy
Update to 1.3.321 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-44594?
CVE-2022-44594 is classified as a high severity vulnerability due to its potential to allow unauthorized script execution.
How do I fix CVE-2022-44594?
To fix CVE-2022-44594, update the All in One Time Clock Lite plugin to version 1.3.321 or higher.
What types of attacks can CVE-2022-44594 facilitate?
CVE-2022-44594 can facilitate stored cross-site scripting (XSS) attacks, compromising user data and session integrity.
Who is affected by CVE-2022-44594?
CVE-2022-44594 affects installations of the All in One Time Clock Lite plugin version 1.3.320 and below on WordPress.
Is it safe to use older versions of the All in One Time Clock Lite plugin after CVE-2022-44594?
No, using older versions of the All in One Time Clock Lite plugin after CVE-2022-44594 is unsafe and poses a significant security risk.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/codebangers
- canonical/wordpress all in one time clock lite