Exxp <= 2.6.8 – Subscriber+ Stored Cross-Site Scripting | CVE 2022-45812

Affects Plugins

exxp-wp

No known fix

References

CVE

CVE-2022-45812

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.0 (high)

Miscellaneous

Original Researcher

Aman Rawat

Verified

No

WPVDB ID

1776af76-5856-409c-b61f-912cde4d5490

Timeline

Publicly Published

2023-03-13 (about 3 years ago)

Added

2023-05-08 (about 3 years ago)

Last Updated

2023-05-08 (about 3 years ago)

Other

Published

Title

Published

2024-05-07

Title

Zotpress < 7.3.10 - Authenticated (Contributor+) Cross-Site Scripting

Published

2017-03-01

Title

WP-Filebase Download Manager - Authenticated Cross-Site Scripting (XSS)

Published

2026-03-03

Title

My Calendar – Accessible Event Manager < 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published

2024-01-26

Title

Exclusive Addons for Elementor < 2.6.9 - Contributor+ Stored XSS

Published

2026-03-14

Title

Ultra Addons for Contact Form 7 < 3.5.37 - Authenticated (Contributor+) Stored Cross-Site Scripting