Vulnerabilities ›

CVE-2022-50945

Medium

CWE-79 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 13, 2026                      ·  Source: NVD                

CVSS v3

6.4

🔗 NVD Official

📄 Description (English)

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields via the plugin options panel to execute arbitrary code when the page is viewed.

🤖 AI Executive Summary

CVE-2022-50945 is a stored XSS vulnerability in the WordPress 3dady real-time web stats plugin v1.0 that allows authenticated attackers to inject malicious JavaScript through unsanitized input fields. The vulnerability enables arbitrary code execution when affected pages are viewed, posing a risk to WordPress installations using this plugin. While no public exploit is available and the plugin appears abandoned, the lack of a patch makes this a persistent threat requiring immediate mitigation.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 13, 2026 16:20

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi organizations using WordPress for web presence, particularly government agencies, educational institutions, and small-to-medium enterprises that may use this plugin for analytics. The risk is elevated in sectors like e-commerce, media, and government digital services where WordPress is prevalent. The stored XSS nature means attackers with authenticated access (compromised admin accounts or insider threats) can inject malicious code affecting all site visitors, potentially leading to credential theft, malware distribution, or defacement. Saudi organizations relying on WordPress for critical services face reputational and operational risks.

🏢 Affected Saudi Sectors

Government and Public Administration Education and Universities E-commerce and Retail Media and Publishing Healthcare and Hospitals Financial Services Telecommunications Non-Profit Organizations

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1598 - Phishing T1566 - Phishing T1204 - User Execution T1059 - Command and Scripting Interpreter T1547 - Boot or Logon Autostart Execution T1547.014 - Browser Extensions T1539 - Steal Web Session Cookie T1056 - Input Capture T1185 - Man in the Browser

⚖️ Saudi Risk Score (AI)

6.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Audit all WordPress installations for the 3dady plugin presence using security scanning tools

2. Disable and remove the 3dady plugin immediately from all affected WordPress sites

3. Review user access logs for the plugin options panel to identify suspicious activity

4. Scan WordPress database for stored XSS payloads in dady_input_text and dady2_input_text fields



Compensating Controls:

1. Implement Web Application Firewall (WAF) rules to detect and block XSS patterns in WordPress admin requests

2. Restrict WordPress admin panel access to specific IP ranges and require multi-factor authentication

3. Deploy Content Security Policy (CSP) headers to prevent inline script execution

4. Enable WordPress security plugins (Wordfence, Sucuri) with real-time malware scanning

5. Implement database activity monitoring to detect unauthorized modifications



Detection Rules:

1. Monitor for POST requests to wp-admin/options.php containing 'dady_input_text' or 'dady2_input_text' parameters with script tags or event handlers

2. Alert on database queries modifying wp_options table with suspicious JavaScript content

3. Track failed and successful WordPress admin logins followed by plugin option modifications

4. Monitor for unusual JavaScript execution in page source code from admin-controlled content

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع تثبيتات WordPress للتحقق من وجود إضافة 3dady باستخدام أدوات المسح الأمني

2. تعطيل وإزالة إضافة 3dady فوراً من جميع مواقع WordPress المتأثرة

3. مراجعة سجلات الوصول للمستخدمين في لوحة خيارات الإضافة لتحديد النشاط المريب

4. مسح قاعدة بيانات WordPress عن حمولات XSS المخزنة في حقول dady_input_text و dady2_input_text

الضوابط التعويضية:

1. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) للكشف عن أنماط XSS وحجبها في طلبات WordPress

2. تقييد الوصول إلى لوحة WordPress الإدارية على نطاقات IP محددة وتطلب المصادقة متعددة العوامل

3. نشر رؤوس سياسة أمان المحتوى (CSP) لمنع تنفيذ البرامج النصية المضمنة

4. تفعيل إضافات أمان WordPress (Wordfence, Sucuri) مع المسح الفوري للبرامج الضارة

5. تنفيذ مراقبة نشاط قاعدة البيانات للكشف عن التعديلات غير المصرح بها

قواعد الكشف:

1. مراقبة طلبات POST إلى wp-admin/options.php تحتوي على معاملات 'dady_input_text' أو 'dady2_input_text' مع علامات script أو معالجات أحداث

2. تنبيه على استعلامات قاعدة البيانات التي تعدل جدول wp_options بمحتوى JavaScript مريب

3. تتبع محاولات تسجيل الدخول الفاشلة والناجحة لـ WordPress متبوعة بتعديلات خيارات الإضافة

4. مراقبة تنفيذ JavaScript غير العادي في كود الصفحة من المحتوى الذي تتحكم به الإدارة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.6.1.1 - Access control policy A.6.2.1 - User registration and access rights management A.7.1.1 - Physical and environmental security A.12.2.1 - Restrictions on software installation A.12.4.1 - Event logging A.12.4.3 - Administrator and operator logs A.13.1.1 - Network security perimeter A.13.2.1 - Segregation of networks

🔵 SAMA CSF

ID.AM-2 - Software inventory and management PR.AC-1 - Access control policy and procedures PR.AC-4 - Access rights and privileges management PR.DS-2 - Data security and protection DE.AE-1 - Audit and accountability mechanisms DE.CM-1 - System monitoring and detection

🟡 ISO 27001:2022

A.5.1.1 - Policies for information security A.6.1.1 - Access control policy A.6.2.1 - User registration and access rights A.8.1.1 - User endpoint devices A.12.2.1 - Restrictions on software installation A.12.4.1 - Event logging A.12.4.3 - Administrator and operator logs A.13.1.1 - Network security perimeter A.14.2.1 - Secure development policy

🟣 PCI DSS v4.0.1

Requirement 2.2.4 - Configure system security parameters Requirement 6.2 - Ensure security patches are installed Requirement 6.5.7 - Cross-site scripting prevention Requirement 7.1 - Limit access to system components Requirement 10.2 - Implement automated audit trails

🔗 References & Sources 3

🔗

https://profiles.wordpress.org/3dady/

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/51021

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/wordpress-3dady-real-time-web-stats-stored-xss

disclosure@vulncheck.com

📊 CVSS Score

6.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.4

CWECWE-79

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

6.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2022-50945

💬 Comments

Introduce Yourself

Sign In Required