Vulnerability CVE-2022-1527
Published: 2022-05-30

Description:
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/0260d5c0-52a9-44ce-b7be-aff642056d16
Copyright 2026, cxsecurity.com

 

Back to Top