CVE-2022-4260

MEDIUM NUCLEI

Wp-ban < 1.69.1 - XSS

Title source: rule

Description

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Nuclei Templates (1)

WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting

MEDIUMVERIFIEDby Hardik-Solanki

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db

Scores

CVSS v3 4.8

EPSS 0.0097

EPSS Percentile 76.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Products (1)

wp-ban_project/wp-ban < 1.69.1

Published Jan 02, 2023

Tracked Since Feb 18, 2026