Medium severity5.4NVD Advisory· Published Oct 31, 2022· Updated Jun 17, 2026
CVE-2022-3096
CVE-2022-3096
Description
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Total Hacksdescription
- Range: <=4.7.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.