cleantalk
Vulnerabilities and Security Researches

WP Admin UI Customize, CVE-2022-3824

CVE, Research URL

CVE-2022-3824

Home page URL

Security reports for WP Admin UI Customize

Application

WP Admin UI Customize

Published on
Nov 28, 2022
Research Description
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 1.5.13.
Status
vulnerable
Previous vulnerability researches
WP Admin UI Customize (CVE-2024-53278) , Nov 28, 2024
WP Admin UI Customize (CVE-2022-3824) , Jun 07, 2024
New vulnerability
Post Rating and Review (CVE-2025-6538) , Jun 27, 2025
WP Masonry & Infinite Scroll (CVE-2025-5488) , Jun 27, 2025
Modern Design Library (CVE-2025-5842) , Jun 27, 2025
FastBook – Responsive Appointment Booking and Scheduling System (CVE-2025-25173) , Jun 27, 2025
Zapier for WordPress (CVE-2025-50010) , Jun 27, 2025