CVE-2022-1913

🗓️ 27 Jun 2022 08:58:29Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 63 Views🌐 WEB

The Add Post URL WordPress plugin through 2.1.0 lacks CSRF check, leading to Stored Cross-Site Scripting

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-1913	27 Jun 202209:15	–	attackerkb
CNNVD	WordPress plugin Add Post URL 跨站请求伪造漏洞	27 Jun 202200:00	–	cnnvd
CNVD	WordPress Add Post URL plugin cross-site request forgery vulnerability	30 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1913 Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF	27 Jun 202208:58	–	cvelist
EUVD	EUVD-2022-25185	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1913	27 Jun 202209:15	–	nvd
Patchstack	WordPress Add Post URL plugin <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability	1 Jun 202200:00	–	patchstack
Prion	Cross site scripting	27 Jun 202209:15	–	prion
RedhatCVE	CVE-2022-1913	22 May 202522:19	–	redhatcve
wpexploit	Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF	1 Jun 202200:00	–	wpexploit

NVD

Vulners

Node

add_post_url_project add_post_urlRange≤2.1.0wordpress

[
  {
    "product": "Add Post URL",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.1.0",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2cafef43-e64a-4897-8c41-f0ed473d7ead

Parameter	Position	Path	Description	CWE
add_url_by_default	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
header_text	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
footer_text	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_home	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_page	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_category	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_tag	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_archive	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_single	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352
add_to_feed	request body	wp-admin/options-general.php?page=wp-posturl/posturl-options.php	CSRF-unauthorized update of plugin settings leading to potential stored XSS due to lack of sanitization/escaping	CWE-352

17 Jun 2026 04:23Current

4.3Medium risk

Vulners AI Score4.3

CVSS 3.14.3

CVSS 24.3

EPSS0.00412

CWE-352