Page Generator <= 1.6.4 is vulnerable to Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2022-06-26

The Page Generator plugin is vulnerable to Cross-Site Scripting in versions up to, and including, 1.6.4. This allows authenticated users with high privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-2100

CVSS

Score:4.8

Severity:Medium

Version: 1.6.4

There is a patch available in v1.6.5 and we strongly recommend you update to this version as soon as possible.