cleantalk
Vulnerabilities and Security Researches

WP Downgrade | Specific Core Version, CVE-2022-1001

CVE, Research URL

CVE-2022-1001

Home page URL

Security reports for WP Downgrade | Specific Core Version

Application

WP Downgrade | Specific Core Version

Published on
Apr 18, 2022
Research Description
The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed
Affected versions
Min -, max 1.2.3.
Status
vulnerable
Previous vulnerability researches
WP Downgrade | Specific Core Version , Aug 20, 2025
WP Downgrade | Specific Core Version (CVE-2022-1001) , Jun 07, 2024
New vulnerability
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025
Savyour Affiliate Partner (CVE-2025-48306) , Aug 29, 2025