{"api_version":"1","generated_at":"2026-04-21T22:25:27+00:00","cve":"CVE-2022-4119","urls":{"html":"https://cve.report/CVE-2022-4119","api":"https://cve.report/api/cve/CVE-2022-4119.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4119","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4119"},"summary":{"title":"CVE-2022-4119","description":"The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2023-01-02 22:15:00","updated_at":"2023-11-07 03:56:00"},"problem_types":[],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/11040133-c134-4f96-8421-edd04901ed0d","name":"https://wpscan.com/vulnerability/11040133-c134-4f96-8421-edd04901ed0d","refsource":"MISC","tags":[],"title":"Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS WordPress Security Vulnerability","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4119","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4119","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"4119","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sirv","cpe5":"image_optimizer\\,_resizer_and_cdn","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-4119","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-Site Scripting (XSS)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"Image Optimizer, Resizer and CDN","version":{"version_data":[{"version_value":"0","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://wpscan.com/vulnerability/11040133-c134-4f96-8421-edd04901ed0d","refsource":"MISC","name":"https://wpscan.com/vulnerability/11040133-c134-4f96-8421-edd04901ed0d"}]},"generator":{"engine":"WPScan CVE Generator"},"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"iohex"},{"lang":"en","value":"WPScan"}]},"nvd":{"publishedDate":"2023-01-02 22:15:00","lastModifiedDate":"2023-11-07 03:56:00","problem_types":[],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.7,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sirv:image_optimizer\\,_resizer_and_cdn:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"6.8.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}