All WordPress installations should update immediately to avoid potential attacks by hackers.
Before 1.7.0, WP Server Health Stats did not escape the wp_settings array in wp-config.php, which could result in Cross-Site Scripting attacks under certain circumstances.
In addition, WP Server Health Stats before 1.7.0 does not escape its get_header() function, which could result in Cross-Site Scripting attacks under certain circumstances.
WP Server Health Stats before 1.7.0 does not escape its get_footer() function, which could result in Cross-Site Scripting attacks under certain circumstances.
Before 1.7.0, WP Server Health Stats did not escape its get_sidebar() function, which could result in Cross-Site Scripting attacks under certain circumstances.
WP Server Health Stats before 1.7.0 does not escape its get_submenu() function, which could result in Cross-Site Scripting attacks under certain circumstances.
WP Server Health Stats before 1.7.0 does not escape its get_nav_menu_item() function, which could result in Cross-Site Scripting attacks under certain circumstances.
WP Server Health Stats before 1.7.0 does not escape its get_search_form() function, which could result in Cross-Site Scripting attacks under certain circumstances.
WP Server Health Stats
The latest version of WordPress includes a security upgrade that fixes these issues.
What is WP Server Health Stats?
WP Server Health Stats is a WordPress plugin that checks the health of your site. It monitors for both malicious attacks and for legitimate errors and issues you may be experiencing. It can give you detailed information about your server in order to help you understand what might be causing these problems and how to fix them.
If you are using WP Server Health Stats, we recommend that you update to 1.7.0 immediately in order to avoid potential attacks by hackers.
Timeline
Published on: 09/16/2022 09:15:00 UTC
Last modified on: 09/20/2022 17:39:00 UTC