CVE-2022-50946 in Blog Posts Grid Pluginالمعلومات

الملخص

بحسب MITRE • 10/05/2026

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial title field that execute in the browsers of other users viewing the draft post, enabling cookie theft and session hijacking.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

11/01/2026

إفشاء

10/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-362528

CPE

جاهز

CWE

CWE-79 (مؤكد)

استغلال

تحميل

CVSS

6.4 (CNA)

EPSS

0.00032

KEV

لا

النشاطات

منخفض جدًا

القطاع

Education

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-50946
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-50946
CVE Details	https://www.cvedetails.com/cve/CVE-2022-50946/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!