cleantalk
Vulnerabilities and Security Researches

Malware Scanner, CVE-2022-1995

CVE, Research URL

CVE-2022-1995

Home page URL

Security reports for Malware Scanner

Application

Malware Scanner

Published on
Jun 27, 2022
Research Description
The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
Affected versions
max 4.5.2.
Status
vulnerable
Previous vulnerability researches
Real Estate Pro (CVE-2026-1845) , Apr 24, 2026
Addonify – Compare Products For WooCommerce (CVE-2025-68023) , Feb 27, 2026
Malware Scanner (CVE-2024-25902) , Jun 07, 2024
Malware Scanner (CVE-2022-1995) , Jun 07, 2024
Malware Scanner (CVE-2023-52176) , Jun 07, 2024
New vulnerability
Events Addon for Elementor (CVE-2025-8150) , Apr 24, 2026
WordPress Infinite Scroll – Ajax Load More (CVE-2025-59582) , Apr 24, 2026
WP Compress – Image Optimizer [All-In-One] (CVE-2025-57899) , Apr 24, 2026
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-7711) , Apr 24, 2026
Popup Anything – Popup for opt-ins and Lead Generation Conversions (CVE-2026-6443) , Apr 24, 2026