Vulnerability CVE-2022-1324


Published: 2022-08-01

Description:
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd

Copyright 2026, cxsecurity.com

 

Back to Top