CVE-2022-3144 in Firewall & Malware Scan Plugin
Summary
by MITRE • 09/23/2022
The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/08/2026
The CVE-2022-3144 vulnerability affects the Wordfence Security plugin for WordPress, specifically versions up to and including 7.6.0, representing a critical stored cross-site scripting flaw that undermines the security integrity of WordPress installations. This vulnerability resides within the plugin's options page where administrative settings are configured, creating a persistent threat vector that can compromise user sessions and execute malicious code within the context of the victim's browser. The flaw stems from inadequate input sanitization and output escaping mechanisms that fail to properly neutralize potentially malicious content entered by authenticated administrators into the plugin's configuration fields.
The technical exploitation of this vulnerability requires an attacker to possess administrative privileges within the WordPress environment, which significantly reduces the attack surface but does not eliminate the risk entirely. Attackers can leverage this privilege to inject malicious JavaScript payloads into the plugin's settings, which then get stored in the WordPress database and executed whenever any user with sufficient privileges accesses the affected configuration page. This stored nature of the vulnerability means that the malicious code persists across server restarts and user sessions, creating a long-term threat that can affect multiple users over extended periods. The vulnerability directly maps to CWE-79, which describes improper neutralization of input during web page generation, and aligns with ATT&CK technique T1548.002 for privilege escalation through malicious configuration modifications.
The operational impact of CVE-2022-3144 extends beyond simple script execution, potentially enabling sophisticated attacks such as session hijacking, credential theft, or redirection to malicious domains. When administrators access the compromised settings page, their browsers execute the injected JavaScript code, which could steal cookies, capture keystrokes, or redirect users to phishing sites. The vulnerability's persistence means that even if administrators attempt to correct the malicious entries, the stored payload continues to execute, creating a continuous threat that requires database-level intervention for complete remediation. This makes the vulnerability particularly dangerous in enterprise environments where administrative access is often centralized and maintained by trusted personnel who may not be immediately aware of the compromise.
Mitigation strategies for CVE-2022-3144 primarily involve immediate plugin updates to versions that address the stored XSS vulnerability, typically through the implementation of proper input sanitization and output escaping mechanisms. Organizations should also implement network-level monitoring to detect unusual traffic patterns that might indicate exploitation attempts, while establishing robust access controls and privilege separation to limit the potential impact of compromised administrative accounts. Security teams should conduct thorough audits of plugin configurations and user permissions, ensuring that only essential personnel maintain administrative access. Additionally, implementing content security policies and regular security scanning of WordPress installations can help detect and prevent similar vulnerabilities from being exploited in other components of the web application stack, as this vulnerability demonstrates the critical importance of proper input validation and output escaping in preventing persistent security flaws.