EUVD-2022-34732

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to poor sanitization

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-2473	6 Sep 202218:15	–	attackerkb
CNNVD	WordPress plugin WP-UserOnline 跨站脚本漏洞	6 Sep 202200:00	–	cnnvd
CVE	CVE-2022-2473	6 Sep 202217:18	–	cve
Cvelist	CVE-2022-2473 WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting	6 Sep 202217:18	–	cvelist
NVD	CVE-2022-2473	6 Sep 202218:15	–	nvd
OSV	CVE-2022-2473	6 Sep 202218:15	–	osv
Patchstack	WordPress WP-UserOnline plugin <= 2.87.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability	19 Jul 202200:00	–	patchstack
Prion	Cross site scripting	6 Sep 202218:15	–	prion
Positive Technologies	PT-2022-16836 · WordPress · Wp-Useronline	6 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2473	22 May 202522:59	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "8b6d7e15-e1b2-315d-9e86-9a799539c45b",
        "vendor": {
          "name": "GamerZ"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0bed68f6-bb26-3d7a-a647-63cb19951e48",
        "product": {
          "name": "WP-UserOnline"
        },
        "product_version": "* ≤2.87.6"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834
plugins	www.plugins.trac.wordpress.org/changeset
youtu	www.youtu.be/Q3zInrUnAV0
wordfence	www.wordfence.com/vulnerability-advisories/
exploit-db	www.exploit-db.com/exploits/50988
packetstormsecurity	www.packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt
exploitalert	www.exploitalert.com/view-details.html
exploitalert	www.exploitalert.com/view-details.html

03 Oct 2025 20:07Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.14.8 - 5.5

EPSS0.00988

SSVC