The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-06-13T12:41:56

Updated: 2024-08-03T00:10:03.671Z

Reserved: 2022-05-02T00:00:00

Link: CVE-2022-1549

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-13T13:15:11.063

Modified: 2024-11-21T06:40:56.973

Link: CVE-2022-1549

cve-icon Redhat

No data.