CVE-2022-2219

7.2 HIGH

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in the Unyson WordPress plugin allows attackers to inject malicious scripts into pages viewed by other users. It affects WordPress sites running Unyson plugin versions before 2.7.27. Exploitation requires user interaction (the victim must open a crafted link) but can lead to session hijacking or credential theft.

💻 Affected Systems

Products:
  • Unyson WordPress Plugin
Versions: All versions before 2.7.27
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the Unyson plugin enabled. The vulnerability is in parameter handling without proper sanitization.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take over WordPress sites, install backdoors, or redirect users to malicious sites.

🟠 Likely Case

Attackers craft malicious links containing XSS payloads, trick users into clicking them, and steal session cookies or perform actions on behalf of authenticated users.

🟢 If Mitigated

With a Content Security Policy (CSP) that disallows inline scripts and with input validation in place, the impact is limited to the few contexts in which injected script can still execute.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS requires the user to click a malicious link. Exploit code is publicly available in vulnerability databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.27

Vendor Advisory: https://wordpress.org/plugins/unyson/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find the Unyson plugin.
4. Click 'Update Now' if available.
5. If a manual update is needed, download version 2.7.27+ from WordPress.org.
6. Deactivate the old plugin.
7. Upload the new version via FTP or file manager.
8. Activate the plugin.

🔧 Temporary Workarounds

Disable Unyson Plugin

Applies to: all

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate unyson

Implement Content Security Policy

Applies to: all

Add CSP headers to restrict script execution:

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

Note that script-src 'self' without 'unsafe-inline' also blocks the inline scripts that WordPress core, themes and many plugins depend on, so roll the policy out with the Content-Security-Policy-Report-Only header first and review the violation reports before enforcing it.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads
  • Restrict plugin access to trusted users only using .htaccess or nginx rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for the Unyson version. If the version is lower than 2.7.27, the site is vulnerable.

Check Version:

wp plugin list --name=unyson --field=version

Verify Fix Applied:

Verify Unyson plugin version shows 2.7.27 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests with script tags in parameters
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing <script> tags or javascript: URIs in query parameters

SIEM Query:

source="web_server_logs" AND (uri="*<script>*" OR uri="*javascript:*") AND uri="*unyson*"

Payloads usually arrive percent-encoded (for example %3Cscript%3E rather than <script>), so match against the URL-decoded URI, or add the encoded forms to the query, rather than relying on the literal substrings alone.
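The following is an added example, not part of the original advisory and not code from the Unyson project: a small Python detector that applies the log indicators above to web server access logs in Combined Log Format. Unlike the literal SIEM query, it percent-decodes the request URI (up to two rounds, so double-encoded payloads are also caught) before looking for script tags and javascript: URIs, and it keeps the page's filter for requests that touch the unyson plugin path. The sample log lines are constructed; the IPs are RFC 5737 documentation addresses and /wp-content/plugins/unyson/example.php is a placeholder path, not a real Unyson endpoint.

```python
from __future__ import annotations

import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Combined Log Format). The example.php
# path is a placeholder, not an actual Unyson file; the payloads are inert.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jul/2022:10:00:01 +0000] "GET /wp-content/plugins/unyson/static/placeholder.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jul/2022:10:00:02 +0000] "GET /wp-content/plugins/unyson/example.php?q=<script>1</script> HTTP/1.1" 200 2048 "-" "curl/7.81.0"
203.0.113.12 - - [10/Jul/2022:10:00:03 +0000] "GET /wp-content/plugins/unyson/example.php?q=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Jul/2022:10:00:04 +0000] "GET /wp-content/plugins/unyson/example.php?redirect=javascript%3Avoid%280%29 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.14 - - [10/Jul/2022:10:00:05 +0000] "GET /?s=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.15 - - [10/Jul/2022:10:00:06 +0000] "GET /wp-content/plugins/unyson/example.php?q=%253Cscript%253E1%253C%252Fscript%253E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined Log Format: client, ident, user, [timestamp], "METHOD URI PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# The two network indicators from the advisory, matched case-insensitively
# and tolerant of whitespace inserted inside the token.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
}


def normalise_uri(uri: str, rounds: int = 2) -> str:
    """Percent-decode the URI up to `rounds` times, stopping early once it
    no longer changes, so single- and double-encoded payloads end up in the
    same plain form as an unencoded one."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def indicators_for(uri: str) -> list[str]:
    """Names of the indicators present in the decoded URI, in INDICATORS order."""
    decoded = normalise_uri(uri)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]


def naive_indicators_for(uri: str) -> list[str]:
    """The literal substring test of the SIEM query, on the raw URI (for comparison)."""
    hits = []
    if "<script>" in uri:
        hits.append("script_tag")
    if "javascript:" in uri:
        hits.append("javascript_uri")
    return hits


def parse_line(line: str) -> dict | None:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text: str, plugin_path_only: bool = True, decode: bool = True) -> list[dict]:
    """Return one finding per request carrying an XSS indicator.

    plugin_path_only keeps the advisory's uri="*unyson*" filter;
    decode=False reproduces the literal query so the difference is visible.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not in the expected format; skip rather than guess
        decoded = normalise_uri(rec["uri"])
        if plugin_path_only and "unyson" not in decoded.lower():
            continue
        hits = indicators_for(rec["uri"]) if decode else naive_indicators_for(rec["uri"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "uri": rec["uri"], "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["ts"], f["ip"], ",".join(f["indicators"]), f["uri"])
```

Against the constructed sample, the decoded match flags four requests (raw, single-encoded, double-encoded and the javascript: URI), the literal substring query flags only the raw one, and dropping the unyson path filter adds the encoded probe against the site search parameter, which is worth alerting on even though it is not this plugin's endpoint.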
